# Copyright (C) 2009, 2010, 2013, 2014 Nicira Networks, Inc.
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without warranty of any kind.
#
# If tests have to be skipped while building, specify the '--without check'
# option. For example:
# rpmbuild -bb --without check rhel/openvswitch-fedora.spec
# This defines the base package name's version.
# It is only used below to build the legacy openvswitch<ver>-ovn-* names in
# the Provides/Obsoletes tags.
%define pkgver 2.13
%define pkgname ovn23.06
# If libcap-ng isn't available and there is no need for running OVS
# as regular user, specify the '--without libcapng'
# Building without it passes --disable-libcapng to both configure runs and
# leaves out the post scriptlet that uncomments OVN_USER_ID.
%bcond_without libcapng
# Enable PIE, bz#955181
# NOTE(review): on Fedora/RHEL this macro selects the distribution's hardened
# compiler/linker flags; confirm the exact flag set against the build root's
# rpm configuration.
%global _hardened_build 1
# RHEL-7 doesn't define _rundir macro yet
# Fedora 15 onwards uses /run as _rundir
%if 0%{!?_rundir:1}
%define _rundir /run
%endif
# Build python2 (that provides python) and python3 subpackages on Fedora
# Build only python3 (that provides python) subpackage on RHEL8
# Build only python subpackage on RHEL7
%if 0%{?rhel} > 7 || 0%{?fedora}
# On RHEL8 Sphinx is included in buildroot
%global external_sphinx 1
%else
# Don't use external sphinx (RHV doesn't have optional repositories enabled)
%global external_sphinx 0
%endif
# We would see rpmlint error - E: hardcoded-library-path in '% {_prefix}/lib'.
# But there is no solution to fix this. Using {_lib} macro will solve the
# rpmlint error, but will install the files in /usr/lib64/.
# OVN pacemaker ocf script file is copied in /usr/lib/ocf/resource.d/ovn/
# and we are not sure if pacemaker looks into this path to find the
# OVN resource agent script.
%global ovnlibdir %{_prefix}/lib
Name: %{pkgname}
Summary: Open Virtual Network support
Group: System Environment/Daemons
URL: http://www.ovn.org/
Version: 23.06.1
Release: 11%{?commit0:.%{date}git%{shortcommit0}}%{?dist}
Provides: openvswitch%{pkgver}-ovn-common = %{?epoch:%{epoch}:}%{version}-%{release}
Obsoletes: openvswitch%{pkgver}-ovn-common < 2.11.0-1
# Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the
# lib/sflow*.[ch] files are SISSL
License: ASL 2.0 and LGPLv2+ and SISSL
# Both upstream trees are pinned to a full 40-character commit id, so the
# archive URLs below always name one exact tree. Nothing in this spec checks
# the downloaded tarballs against a digest; compare them with independently
# recorded checksums before building.
%define ovncommit a20f880efdba9dcf19c1df77b31a3b8b9dffa345
# Always pull an upstream release, since this is what we rebase to.
Source: https://github.com/ovn-org/ovn/archive/%{ovncommit}.tar.gz#/ovn-%{version}.tar.gz
%define ovscommit 0187eadfce4505d502e57c0e688b830f0a1ec728
%define ovsshortcommit 0187ead
Source10: https://github.com/openvswitch/ovs/archive/%{ovscommit}.tar.gz#/openvswitch-%{ovsshortcommit}.tar.gz
%define ovsdir ovs-%{ovscommit}
# Bundled Sphinx toolchain sources, pinned by version number only.
# NOTE(review): the prep section in this spec unpacks only Source10, so these
# three archives look unused here -- confirm before relying on or dropping them.
%define docutilsver 0.12
%define pygmentsver 1.4
%define sphinxver 1.1.3
Source100: https://pypi.io/packages/source/d/docutils/docutils-%{docutilsver}.tar.gz
Source101: https://pypi.io/packages/source/P/Pygments/Pygments-%{pygmentsver}.tar.gz
Source102: https://pypi.io/packages/source/S/Sphinx/Sphinx-%{sphinxver}.tar.gz
# Local helper scripts and per-architecture config files.
# NOTE(review): none of Source500-506 is referenced by the sections of this
# spec shown here -- confirm whether they are still needed.
Source500: configlib.sh
Source501: gen_config_group.sh
Source502: set_config.sh
# Important: source503 is used as the actual copy file
# @TODO: this causes a warning - fix it?
# NOTE(review): no Source503 is declared in this file, so the remark above
# appears to be stale.
Source504: arm64-armv8a-linuxapp-gcc-config
Source505: ppc_64-power8-linuxapp-gcc-config
Source506: x86_64-native-linuxapp-gcc-config
# Downstream patch, applied on top of the pinned OVN tree by autosetup (-p 1).
Patch: %{pkgname}.patch
# FIXME Sphinx is used to generate some manpages, unfortunately, on RHEL, it's
# in the -optional repository and so we can't require it directly since RHV
# doesn't have the -optional repository enabled and so TPS fails
%if %{external_sphinx}
BuildRequires: python3-sphinx
%else
# Sphinx dependencies
BuildRequires: python-devel
BuildRequires: python-setuptools
#BuildRequires: python2-docutils
BuildRequires: python-jinja2
BuildRequires: python-nose
#BuildRequires: python2-pygments
# docutils dependencies
BuildRequires: python-imaging
# pygments dependencies
# (python-nose is already required a few lines up; the repeat is harmless)
BuildRequires: python-nose
%endif
BuildRequires: gcc gcc-c++ make
BuildRequires: autoconf automake libtool
# openssl-devel backs the --enable-ssl option passed to both configure runs.
BuildRequires: systemd-units openssl openssl-devel
BuildRequires: python3-devel python3-setuptools
BuildRequires: desktop-file-utils
BuildRequires: groff-base graphviz
BuildRequires: unbound-devel
# make check dependencies
BuildRequires: procps-ng
%if 0%{?rhel} == 8 || 0%{?fedora}
BuildRequires: python3-pyOpenSSL
%endif
BuildRequires: tcpdump
# libcap-ng is only pulled in when the libcapng build option is on (default).
%if %{with libcapng}
BuildRequires: libcap-ng libcap-ng-devel
%endif
# Runtime dependencies of the common package.
Requires: hostname openssl iproute module-init-tools
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
# to skip running checks, pass --without check
# The test suite therefore runs by default during the build.
%bcond_without check
%description
OVN, the Open Virtual Network, is a system to support virtual network
abstraction. OVN complements the existing capabilities of OVS to add
native support for virtual network abstractions, such as virtual L2 and L3
overlays and security groups.
%package central
# Central node components; the Provides/Obsoletes pair takes over from the
# legacy openvswitch<ver>-ovn-central package.
Summary: Open Virtual Network support
License: ASL 2.0
Requires: %{pkgname}
Requires: firewalld-filesystem
Provides: openvswitch%{pkgver}-ovn-central = %{?epoch:%{epoch}:}%{version}-%{release}
Obsoletes: openvswitch%{pkgver}-ovn-central < 2.11.0-1
%description central
OVN DB servers and ovn-northd running on a central node.
%package host
# Per-hypervisor controller; replaces the legacy openvswitch<ver>-ovn-host
# package.
Summary: Open Virtual Network support
License: ASL 2.0
Requires: %{pkgname}
Requires: firewalld-filesystem
Provides: openvswitch%{pkgver}-ovn-host = %{?epoch:%{epoch}:}%{version}-%{release}
Obsoletes: openvswitch%{pkgver}-ovn-host < 2.11.0-1
%description host
OVN controller running on each host.
%package vtep
# VTEP controller; replaces the legacy openvswitch<ver>-ovn-vtep package.
# Unlike central and host it ships no firewalld service file, so it does not
# require firewalld-filesystem.
Summary: Open Virtual Network support
License: ASL 2.0
Requires: %{pkgname}
Provides: openvswitch%{pkgver}-ovn-vtep = %{?epoch:%{epoch}:}%{version}-%{release}
Obsoletes: openvswitch%{pkgver}-ovn-vtep < 2.11.0-1
%description vtep
OVN vtep controller
%prep
# Unpack the pinned OVN tree, unpack Source10 (the pinned OVS tree) inside it
# (-a 10), then apply the declared patch with strip level 1.
%autosetup -n ovn-%{ovncommit} -a 10 -p 1
%build
# Two-stage build: the bundled OVS tree is configured and compiled first, then
# OVN is configured against it via --with-ovs-source. Both stages enable SSL
# and use the same PKI directory (openvswitch/pki under the shared state dir).
# NOTE(review): this spec neither creates nor packages that PKI directory in
# the sections shown; confirm which package owns it and with what permissions.
%if 0%{?commit0:1}
# fix the snapshot unreleased version to be the released one.
sed -i.old -e "s/^AC_INIT(openvswitch,.*,/AC_INIT(openvswitch, %{version},/" configure.ac
%endif
./boot.sh
# OVN source code is now separate.
# Build openvswitch first.
# XXX Current openvswitch2.13 doesn't
# use "2.13.0" for version. It's a commit hash
pushd %{ovsdir}
./boot.sh
%configure \
%if %{with libcapng}
--enable-libcapng \
%else
--disable-libcapng \
%endif
--enable-ssl \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki
make %{?_smp_mflags}
popd
# Build OVN.
# XXX OVS version needs to be updated when ovs2.13 is updated.
%configure \
--with-ovs-source=$PWD/%{ovsdir} \
%if %{with libcapng}
--enable-libcapng \
%else
--disable-libcapng \
%endif
--enable-ssl \
--with-pkidir=%{_sharedstatedir}/openvswitch/pki
make %{?_smp_mflags}
%install
# Stage the build output, add the RHEL integration files (sysconfig, systemd
# units, firewalld services, OCF agent link, logrotate), then prune everything
# that belongs to OVS rather than OVN.
%make_install
# Environment file for the services, world-readable (0644).
install -p -D -m 0644 \
rhel/usr_share_ovn_scripts_systemd_sysconfig.template \
$RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn
# One systemd unit per daemon, installed 0644.
for service in ovn-controller ovn-controller-vtep ovn-northd; do
install -p -D -m 0644 \
rhel/usr_lib_systemd_system_${service}.service \
$RPM_BUILD_ROOT%{_unitdir}/${service}.service
done
# State directory for OVN, mode 0755.
# NOTE(review): no files section in this spec lists this directory, so it may
# end up unowned by any package -- confirm.
install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/ovn
# firewalld service definitions. The directory is created without an explicit
# mode, so it takes the default of install -d.
install -d $RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/
install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
$RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/ovn-central-firewall-service.xml
install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
$RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/ovn-host-firewall-service.xml
# Pacemaker resource agent: a symlink whose target is the installed absolute
# path of ovndb-servers.ocf, not a path inside the build root.
install -d -m 0755 $RPM_BUILD_ROOT%{ovnlibdir}/ocf/resource.d/ovn
ln -s %{_datadir}/ovn/scripts/ovndb-servers.ocf \
$RPM_BUILD_ROOT%{ovnlibdir}/ocf/resource.d/ovn/ovndb-servers
install -p -D -m 0644 rhel/etc_logrotate.d_ovn \
$RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/ovn
# remove unneeded files.
# Everything matching ovs*/vtep* plus static libraries, headers, pkg-config
# files and the bugtool/docker helpers is deleted from the staged tree, so
# none of it is shipped by these packages.
rm -f $RPM_BUILD_ROOT%{_bindir}/ovs*
rm -f $RPM_BUILD_ROOT%{_bindir}/vtep-ctl
rm -f $RPM_BUILD_ROOT%{_sbindir}/ovs*
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovs*
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/ovs*
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/vtep*
rm -f $RPM_BUILD_ROOT%{_mandir}/man7/ovs*
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/ovs*
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/vtep*
rm -rf $RPM_BUILD_ROOT%{_datadir}/ovn/python
rm -f $RPM_BUILD_ROOT%{_datadir}/ovn/scripts/ovs*
rm -rf $RPM_BUILD_ROOT%{_datadir}/ovn/bugtool-plugins
rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*.pc
rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/*
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/openvswitch
rm -f $RPM_BUILD_ROOT%{_datadir}/ovn/scripts/ovn-bugtool*
rm -f $RPM_BUILD_ROOT/%{_bindir}/ovn-docker-overlay-driver \
$RPM_BUILD_ROOT/%{_bindir}/ovn-docker-underlay-driver
%check
# Runs the OVN test suite unless the build was invoked with '--without check'.
%if %{with check}
# Point OVS_RESOLV_CONF at an empty file in the build directory, presumably so
# the tests do not depend on the build host's resolver configuration.
touch resolv.conf
export OVS_RESOLV_CONF=$(pwd)/resolv.conf
# First pass runs with the parallel make flags; on failure the log is printed
# and only the failed tests are retried (--recheck).
if ! make check TESTSUITEFLAGS='%{_smp_mflags}'; then
cat tests/testsuite.log
if ! make check TESTSUITEFLAGS='--recheck'; then
cat tests/testsuite.log
# Presently a test case - "2796: ovn -- ovn-controller incremental processing"
# is failing on aarch64 arch. Let's not exit for this arch
# until we figure out why it is failing.
# Test case 93: ovn.at:12105 ovn -- ACLs on Port Groups is failing
# repeatedly on s390x. This needs to be investigated.
# Consequence: on aarch64, ppc64le and s390x a second failure of ANY test does
# not fail the build. Packages for those architectures can be produced with
# failing tests, and the only record is testsuite.log in the build log.
%ifnarch aarch64
%ifnarch ppc64le
%ifnarch s390x
exit 1
%endif
%endif
%endif
fi
fi
%endif
%clean
# Remove the staged install tree after packaging. The variable is expanded
# unquoted; rpmbuild sets it to the build root path.
rm -rf $RPM_BUILD_ROOT
%pre central
# Migration helper for hosts moving from the legacy openvswitch-ovn-central
# package: on a first install ($1 == 1), record whether ovn-northd was running
# so that the posttrans scriptlet can start it again afterwards.
# The [[ ]] test below is a bash construct, so the scriptlet relies on the
# scriptlet interpreter being bash.
if [ $1 -eq 1 ] ; then
# Package install.
# systemctl status exits 0 only when the unit is active. Only stdout is
# discarded, so error text can still appear in the transaction output.
/bin/systemctl status ovn-northd.service >/dev/null
ovn_status=$?
# NOTE(review): this queries the rpm database from inside a running
# transaction -- confirm that is acceptable on the targeted releases.
rpm -ql openvswitch-ovn-central > /dev/null
if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then
# ovn-northd service is running which means old openvswitch-ovn-central
# is already installed and it will be cleaned up. So start ovn-northd
# service when posttrans central is called.
# The marker is an empty file at a fixed path under rpm-state.
touch %{_localstatedir}/lib/rpm-state/ovn-northd
fi
fi
%pre host
# Migration helper for hosts moving from the legacy openvswitch-ovn-host
# package: on a first install ($1 == 1), record whether ovn-controller was
# running so that the posttrans scriptlet can start it again afterwards.
# The [[ ]] test below is a bash construct, so the scriptlet relies on the
# scriptlet interpreter being bash.
if [ $1 -eq 1 ] ; then
# Package install.
# systemctl status exits 0 only when the unit is active. Only stdout is
# discarded, so error text can still appear in the transaction output.
/bin/systemctl status ovn-controller.service >/dev/null
ovn_status=$?
# NOTE(review): this queries the rpm database from inside a running
# transaction -- confirm that is acceptable on the targeted releases.
rpm -ql openvswitch-ovn-host > /dev/null
if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then
# ovn-controller service is running which means old
# openvswitch-ovn-host is installed and it will be cleaned up. So
# start ovn-controller service when posttrans host is called.
# The marker is an empty file at a fixed path under rpm-state.
touch %{_localstatedir}/lib/rpm-state/ovn-controller
fi
fi
%pre vtep
# Migration helper for hosts moving from the legacy openvswitch-ovn-vtep
# package: on a first install ($1 == 1), record whether ovn-controller-vtep
# was running so that the posttrans scriptlet can start it again afterwards.
# The [[ ]] test below is a bash construct, so the scriptlet relies on the
# scriptlet interpreter being bash.
if [ $1 -eq 1 ] ; then
# Package install.
# systemctl status exits 0 only when the unit is active. Only stdout is
# discarded, so error text can still appear in the transaction output.
/bin/systemctl status ovn-controller-vtep.service >/dev/null
ovn_status=$?
# NOTE(review): this queries the rpm database from inside a running
# transaction -- confirm that is acceptable on the targeted releases.
rpm -ql openvswitch-ovn-vtep > /dev/null
if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then
# ovn-controller-vtep service is running which means old
# openvswitch-ovn-vtep is installed and it will be cleaned up. So
# start ovn-controller-vtep service when posttrans vtep is called.
# The marker is an empty file at a fixed path under rpm-state.
touch %{_localstatedir}/lib/rpm-state/ovn-controller-vtep
fi
fi
%preun central
# Before removal: use the distribution's systemd_preun macro when it is
# defined; otherwise disable and stop ovn-northd by hand, but only on a full
# removal ($1 == 0), never on upgrade. Failures are ignored (|| :) so the
# uninstall cannot be blocked by systemctl.
%if 0%{?systemd_preun:1}
%systemd_preun ovn-northd.service
%else
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable ovn-northd.service >/dev/null 2>&1 || :
/bin/systemctl stop ovn-northd.service >/dev/null 2>&1 || :
fi
%endif
%preun host
# Before removal: use the distribution's systemd_preun macro when it is
# defined; otherwise disable and stop ovn-controller by hand, but only on a
# full removal ($1 == 0), never on upgrade. Failures are ignored (|| :) so the
# uninstall cannot be blocked by systemctl.
%if 0%{?systemd_preun:1}
%systemd_preun ovn-controller.service
%else
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable ovn-controller.service >/dev/null 2>&1 || :
/bin/systemctl stop ovn-controller.service >/dev/null 2>&1 || :
fi
%endif
%preun vtep
# Before removal: use the distribution's systemd_preun macro when it is
# defined; otherwise disable and stop ovn-controller-vtep by hand, but only on
# a full removal ($1 == 0), never on upgrade. Failures are ignored (|| :) so
# the uninstall cannot be blocked by systemctl.
%if 0%{?systemd_preun:1}
%systemd_preun ovn-controller-vtep.service
%else
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable ovn-controller-vtep.service >/dev/null 2>&1 || :
/bin/systemctl stop ovn-controller-vtep.service >/dev/null 2>&1 || :
fi
%endif
%post
# On libcapng builds, and only on first install ($1 == 1), edit the two
# packaged config files in place. Upgrades leave whatever the administrator
# has configured untouched.
%if %{with libcapng}
if [ $1 -eq 1 ]; then
# Uncomment the OVN_USER_ID setting; its value comes from the sysconfig
# template and is not visible in this spec.
sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn
# Make the logrotate su line use user and group openvswitch.
# NOTE(review): the pattern is not anchored to the su directive -- every line
# that contains the letters "su" is cut after its last "su" and rewritten.
# Confirm rhel/etc_logrotate.d_ovn has no other such line.
sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/ovn
fi
%endif
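%post central
# After install: use the distribution's systemd_post macro when it is defined;
# otherwise make systemd re-read its unit files on a first install ($1 == 1).
%if 0%{?systemd_post:1}
%systemd_post ovn-northd.service
%else
# Package install, not upgrade
if [ $1 -eq 1 ]; then
    # Discard both stdout and stderr via the absolute /dev/null path. The
    # previous relative "dev/null" target only resolved correctly when the
    # scriptlet's working directory happened to be /, and left stderr visible.
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%endif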
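%post host
# After install: use the distribution's systemd_post macro when it is defined;
# otherwise make systemd re-read its unit files on a first install ($1 == 1).
%if 0%{?systemd_post:1}
%systemd_post ovn-controller.service
%else
# Package install, not upgrade
if [ $1 -eq 1 ]; then
    # Discard both stdout and stderr via the absolute /dev/null path. The
    # previous relative "dev/null" target only resolved correctly when the
    # scriptlet's working directory happened to be /, and left stderr visible.
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%endif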
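%post vtep
# After install: use the distribution's systemd_post macro when it is defined;
# otherwise make systemd re-read its unit files on a first install ($1 == 1).
%if 0%{?systemd_post:1}
%systemd_post ovn-controller-vtep.service
%else
# Package install, not upgrade
if [ $1 -eq 1 ]; then
    # Discard both stdout and stderr via the absolute /dev/null path. The
    # previous relative "dev/null" target only resolved correctly when the
    # scriptlet's working directory happened to be /, and left stderr visible.
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi
%endif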
%postun
%postun central
# After removal or upgrade: use the distribution's restart macro when it is
# defined; otherwise reload systemd and, on upgrade only ($1 >= 1), restart
# ovn-northd if it was running (try-restart). Errors are ignored (|| :), so a
# failed restart is silent and should be checked after an upgrade.
%if 0%{?systemd_postun_with_restart:1}
%systemd_postun_with_restart ovn-northd.service
%else
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart ovn-northd.service >/dev/null 2>&1 || :
fi
%endif
%postun host
# After removal or upgrade: use the distribution's restart macro when it is
# defined; otherwise reload systemd and, on upgrade only ($1 >= 1), restart
# ovn-controller if it was running (try-restart). Errors are ignored (|| :),
# so a failed restart is silent and should be checked after an upgrade.
%if 0%{?systemd_postun_with_restart:1}
%systemd_postun_with_restart ovn-controller.service
%else
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart ovn-controller.service >/dev/null 2>&1 || :
fi
%endif
%postun vtep
# After removal or upgrade: use the distribution's restart macro when it is
# defined; otherwise reload systemd and, on upgrade only ($1 >= 1), restart
# ovn-controller-vtep if it was running (try-restart). Errors are ignored
# (|| :), so a failed restart is silent and should be checked after an upgrade.
%if 0%{?systemd_postun_with_restart:1}
%systemd_postun_with_restart ovn-controller-vtep.service
%else
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart ovn-controller-vtep.service >/dev/null 2>&1 || :
fi
%endif
%posttrans central
# End of transaction: if the pre scriptlet left its marker (the service was
# running under the legacy package), consume the marker and start ovn-northd.
# The start result is discarded (|| :), so a service that fails to come back
# is not reported by the transaction -- verify it after migrating.
if [ $1 -eq 1 ]; then
# Package install, not upgrade
if [ -e %{_localstatedir}/lib/rpm-state/ovn-northd ]; then
rm %{_localstatedir}/lib/rpm-state/ovn-northd
/bin/systemctl start ovn-northd.service >/dev/null 2>&1 || :
fi
fi
%posttrans host
# End of transaction: if the pre scriptlet left its marker (the service was
# running under the legacy package), consume the marker and start
# ovn-controller. The start result is discarded (|| :), so a service that
# fails to come back is not reported by the transaction -- verify it after
# migrating.
if [ $1 -eq 1 ]; then
# Package install, not upgrade
if [ -e %{_localstatedir}/lib/rpm-state/ovn-controller ]; then
rm %{_localstatedir}/lib/rpm-state/ovn-controller
/bin/systemctl start ovn-controller.service >/dev/null 2>&1 || :
fi
fi
%posttrans vtep
# End of transaction: if the pre scriptlet left its marker (the service was
# running under the legacy package), consume the marker and start
# ovn-controller-vtep. The start result is discarded (|| :), so a service that
# fails to come back is not reported by the transaction -- verify it after
# migrating.
if [ $1 -eq 1 ]; then
# Package install, not upgrade
if [ -e %{_localstatedir}/lib/rpm-state/ovn-controller-vtep ]; then
rm %{_localstatedir}/lib/rpm-state/ovn-controller-vtep
/bin/systemctl start ovn-controller-vtep.service >/dev/null 2>&1 || :
fi
fi
%files
# Common package: control and trace utilities, helper scripts, man pages, the
# pacemaker resource agent link and the two configuration files.
%{_bindir}/ovn-nbctl
%{_bindir}/ovn-sbctl
%{_bindir}/ovn-trace
%{_bindir}/ovn-detrace
%{_bindir}/ovn_detrace.py
%{_bindir}/ovn-appctl
%{_bindir}/ovn-ic-nbctl
%{_bindir}/ovn-ic-sbctl
%dir %{_datadir}/ovn/
%dir %{_datadir}/ovn/scripts/
%{_datadir}/ovn/scripts/ovn-ctl
%{_datadir}/ovn/scripts/ovn-lib
%{_datadir}/ovn/scripts/ovndb-servers.ocf
%{_mandir}/man8/ovn-ctl.8*
%{_mandir}/man8/ovn-appctl.8*
%{_mandir}/man8/ovn-nbctl.8*
%{_mandir}/man8/ovn-ic-nbctl.8*
%{_mandir}/man8/ovn-trace.8*
%{_mandir}/man1/ovn-detrace.1*
%{_mandir}/man7/ovn-architecture.7*
%{_mandir}/man8/ovn-sbctl.8*
%{_mandir}/man8/ovn-ic-sbctl.8*
%{_mandir}/man5/ovn-nb.5*
%{_mandir}/man5/ovn-ic-nb.5*
%{_mandir}/man5/ovn-sb.5*
%{_mandir}/man5/ovn-ic-sb.5*
%dir %{ovnlibdir}/ocf/resource.d/ovn/
%{ovnlibdir}/ocf/resource.d/ovn/ovndb-servers
# Both config files are edited in place by the main post scriptlet on
# libcapng builds. With verify(not md5 size mtime), 'rpm -V' skips digest,
# size and mtime for them, so content changes to these two files are not
# reported by package verification; cover them with separate file-integrity
# monitoring if that matters. noreplace keeps local edits across upgrades.
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/logrotate.d/ovn
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/ovn
%files central
# Central node: northd and interconnect daemons, database schemas, the systemd
# unit and the firewalld service definition. No scriptlet in this spec calls
# firewall-cmd, so the definition is only installed here, not activated.
%{_bindir}/ovn-northd
%{_bindir}/ovn-ic
%{_mandir}/man8/ovn-northd.8*
%{_mandir}/man8/ovn-ic.8*
%{_datadir}/ovn/ovn-nb.ovsschema
%{_datadir}/ovn/ovn-ic-nb.ovsschema
%{_datadir}/ovn/ovn-sb.ovsschema
%{_datadir}/ovn/ovn-ic-sb.ovsschema
%{_unitdir}/ovn-northd.service
%{ovnlibdir}/firewalld/services/ovn-central-firewall-service.xml
%files host
# Hypervisor node: the controller daemon, its systemd unit and the firewalld
# service definition. No scriptlet in this spec calls firewall-cmd, so the
# definition is only installed here, not activated.
%{_bindir}/ovn-controller
%{_mandir}/man8/ovn-controller.8*
%{_unitdir}/ovn-controller.service
%{ovnlibdir}/firewalld/services/ovn-host-firewall-service.xml
%files vtep
# VTEP gateway: the controller daemon, its man page and its systemd unit.
%{_bindir}/ovn-controller-vtep
%{_mandir}/man8/ovn-controller-vtep.8*
%{_unitdir}/ovn-controller-vtep.service
%changelog
* Thu Sep 14 2023 Lorenzo Bianconi <lorenzo.bianconi@redhat.com> - 23.06.1-11
- northd: check if parent_name is set for tag_request 0
[Upstream: c869db90e2b18515caad8ad95555d989d3379e3f]
* Thu Sep 14 2023 Ales Musil <amusil@redhat.com> - 23.06.1-10
- ofctrl: Prevent conjunction duplication (#2175928)
[Upstream: 4281178a8882d0194ce8edf35018227ab20fa80e]
* Thu Sep 14 2023 Ales Musil <amusil@redhat.com> - 23.06.1-9
- ofctrl: Do not try to program long flows (#1955167)
[Upstream: f18bbbbc1ec0110cde8146ea4e2b34b1ec488ba7]
* Mon Sep 11 2023 Dumitru Ceara <dceara@redhat.com> - 23.06.1-8
- northd: Always ct commit ECMP symmetric traffic in the original direction.
[Upstream: 6de90ba4c43e1798a63167fd7f790126cf240e9c]
* Wed Sep 06 2023 Ihar Hrachyshka <ihrachys@redhat.com> - 23.06.1-7
- Use correct nw_ttl=255 to match against legit NAs
[Upstream: 059d1337af1be97b8f89fcf65e2ba6c9ae217d76]
* Wed Sep 06 2023 Dumitru Ceara <dceara@redhat.com> - 23.06.1-6
- checkpatch: Ignore yml files when checking line lengths.
[Upstream: 18b9ca0630c537b142d6ac849a6a2092d4f5bc0f]
* Wed Aug 30 2023 Ales Musil <amusil@redhat.com> - 23.06.1-5
- northd: Make sure that skip_snat=true is evaluated before force_snat (#2224260)
[Upstream: 04cf3fd8c2de752ac6ca538f6570547a69dcaac3]
* Tue Aug 29 2023 Mark Michelson <mmichels@redhat.com> - 23.06.1-4
- Prepare for 23.06.2.
[Upstream: c215b5237d46e7aa3b7e095f1e955db5b646e4eb]