# Copyright (C) 2009, 2010, 2013, 2014 Nicira Networks, Inc. # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright # notice and this notice are preserved. This file is offered as-is, # without warranty of any kind. # # If tests have to be skipped while building, specify the '--without check' # option. For example: # rpmbuild -bb --without check rhel/openvswitch-fedora.spec # This defines the base package name's version. %define pkgver 2.13 %define pkgname ovn-2021 # If libcap-ng isn't available and there is no need for running OVS # as regular user, specify the '--without libcapng' %bcond_without libcapng # Enable PIE, bz#955181 %global _hardened_build 1 # RHEL-7 doesn't define _rundir macro yet # Fedora 15 onwards uses /run as _rundir %if 0%{!?_rundir:1} %define _rundir /run %endif # Build python2 (that provides python) and python3 subpackages on Fedora # Build only python3 (that provides python) subpackage on RHEL8 # Build only python subpackage on RHEL7 %if 0%{?rhel} > 7 || 0%{?fedora} # On RHEL8 Sphinx is included in buildroot %global external_sphinx 1 %else # Don't use external sphinx (RHV doesn't have optional repositories enabled) %global external_sphinx 0 %endif # We would see rpmlinit error - E: hardcoded-library-path in '% {_prefix}/lib'. # But there is no solution to fix this. Using {_lib} macro will solve the # rpmlink error, but will install the files in /usr/lib64/. # OVN pacemaker ocf script file is copied in /usr/lib/ocf/resource.d/ovn/ # and we are not sure if pacemaker looks into this path to find the # OVN resource agent script. %global ovnlibdir %{_prefix}/lib Name: %{pkgname} Summary: Open Virtual Network support Group: System Environment/Daemons URL: http://www.ovn.org/ Version: 21.06.0 Release: 17%{?commit0:.%{date}git%{shortcommit0}}%{?dist} Provides: openvswitch%{pkgver}-ovn-common = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: openvswitch%{pkgver}-ovn-common < 2.11.0-1 # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL License: ASL 2.0 and LGPLv2+ and SISSL # Always pull an upstream release, since this is what we rebase to. Source: https://github.com/ovn-org/ovn/archive/v%{version}.tar.gz#/ovn-%{version}.tar.gz %define ovscommit e6ad4d8d9c9273f226ec9a993b64fccfb50bdf4c %define ovsshortcommit e6ad4d8 Source10: https://github.com/openvswitch/ovs/archive/%{ovscommit}.tar.gz#/openvswitch-%{ovsshortcommit}.tar.gz %define ovsdir ovs-%{ovscommit} %define docutilsver 0.12 %define pygmentsver 1.4 %define sphinxver 1.1.3 Source100: https://pypi.io/packages/source/d/docutils/docutils-%{docutilsver}.tar.gz Source101: https://pypi.io/packages/source/P/Pygments/Pygments-%{pygmentsver}.tar.gz Source102: https://pypi.io/packages/source/S/Sphinx/Sphinx-%{sphinxver}.tar.gz Source500: configlib.sh Source501: gen_config_group.sh Source502: set_config.sh # Important: source503 is used as the actual copy file # @TODO: this causes a warning - fix it? Source504: arm64-armv8a-linuxapp-gcc-config Source505: ppc_64-power8-linuxapp-gcc-config Source506: x86_64-native-linuxapp-gcc-config Patch: ovn-%{version}.patch # FIXME Sphinx is used to generate some manpages, unfortunately, on RHEL, it's # in the -optional repository and so we can't require it directly since RHV # doesn't have the -optional repository enabled and so TPS fails %if %{external_sphinx} BuildRequires: python3-sphinx %else # Sphinx dependencies BuildRequires: python-devel BuildRequires: python-setuptools #BuildRequires: python2-docutils BuildRequires: python-jinja2 BuildRequires: python-nose #BuildRequires: python2-pygments # docutils dependencies BuildRequires: python-imaging # pygments dependencies BuildRequires: python-nose %endif BuildRequires: gcc gcc-c++ make BuildRequires: autoconf automake libtool BuildRequires: systemd-units openssl openssl-devel BuildRequires: python3-devel python3-setuptools BuildRequires: desktop-file-utils BuildRequires: groff-base graphviz BuildRequires: unbound-devel # make check dependencies BuildRequires: procps-ng %if 0%{?rhel} > 7 || 0%{?fedora} BuildRequires: python3-pyOpenSSL %endif BuildRequires: tcpdump %if %{with libcapng} BuildRequires: libcap-ng libcap-ng-devel %endif Requires: hostname openssl iproute module-init-tools Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units # to skip running checks, pass --without check %bcond_without check %description OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. %package central Summary: Open Virtual Network support License: ASL 2.0 Requires: %{pkgname} Requires: firewalld-filesystem Provides: openvswitch%{pkgver}-ovn-central = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: openvswitch%{pkgver}-ovn-central < 2.11.0-1 %description central OVN DB servers and ovn-northd running on a central node. %package host Summary: Open Virtual Network support License: ASL 2.0 Requires: %{pkgname} Requires: firewalld-filesystem Provides: openvswitch%{pkgver}-ovn-host = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: openvswitch%{pkgver}-ovn-host < 2.11.0-1 %description host OVN controller running on each host. %package vtep Summary: Open Virtual Network support License: ASL 2.0 Requires: %{pkgname} Provides: openvswitch%{pkgver}-ovn-vtep = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: openvswitch%{pkgver}-ovn-vtep < 2.11.0-1 %description vtep OVN vtep controller %prep %if 0%{?commit0:1} %autosetup -n ovn-%{commit0} -a 10 -p 1 %else %autosetup -n ovn-%{version} -a 10 -p 1 %endif %build %if 0%{?commit0:1} # fix the snapshot unreleased version to be the released one. sed -i.old -e "s/^AC_INIT(openvswitch,.*,/AC_INIT(openvswitch, %{version},/" configure.ac %endif ./boot.sh # OVN source code is now separate. # Build openvswitch first. # XXX Current openvswitch2.13 doesn't # use "2.13.0" for version. It's a commit hash pushd %{ovsdir} ./boot.sh %configure \ %if %{with libcapng} --enable-libcapng \ %else --disable-libcapng \ %endif --enable-ssl \ --with-pkidir=%{_sharedstatedir}/openvswitch/pki make %{?_smp_mflags} popd # Build OVN. # XXX OVS version needs to be updated when ovs2.13 is updated. %configure \ --with-ovs-source=$PWD/%{ovsdir} \ %if %{with libcapng} --enable-libcapng \ %else --disable-libcapng \ %endif --enable-ssl \ --with-pkidir=%{_sharedstatedir}/openvswitch/pki make %{?_smp_mflags} %install %make_install install -p -D -m 0644 \ rhel/usr_share_ovn_scripts_systemd_sysconfig.template \ $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn for service in ovn-controller ovn-controller-vtep ovn-northd; do install -p -D -m 0644 \ rhel/usr_lib_systemd_system_${service}.service \ $RPM_BUILD_ROOT%{_unitdir}/${service}.service done install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/ovn install -d $RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/ install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \ $RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/ovn-central-firewall-service.xml install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \ $RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/ovn-host-firewall-service.xml install -d -m 0755 $RPM_BUILD_ROOT%{ovnlibdir}/ocf/resource.d/ovn ln -s %{_datadir}/ovn/scripts/ovndb-servers.ocf \ $RPM_BUILD_ROOT%{ovnlibdir}/ocf/resource.d/ovn/ovndb-servers install -p -D -m 0644 rhel/etc_logrotate.d_ovn \ $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/ovn # remove unneeded files. rm -f $RPM_BUILD_ROOT%{_bindir}/ovs* rm -f $RPM_BUILD_ROOT%{_bindir}/vtep-ctl rm -f $RPM_BUILD_ROOT%{_sbindir}/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man5/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man5/vtep* rm -f $RPM_BUILD_ROOT%{_mandir}/man7/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man8/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man8/vtep* rm -rf $RPM_BUILD_ROOT%{_datadir}/ovn/python rm -f $RPM_BUILD_ROOT%{_datadir}/ovn/scripts/ovs* rm -rf $RPM_BUILD_ROOT%{_datadir}/ovn/bugtool-plugins rm -f $RPM_BUILD_ROOT%{_libdir}/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*.pc rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/* rm -f $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash rm -f $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/openvswitch rm -f $RPM_BUILD_ROOT%{_datadir}/ovn/scripts/ovn-bugtool* rm -f $RPM_BUILD_ROOT/%{_bindir}/ovn-docker-overlay-driver \ $RPM_BUILD_ROOT/%{_bindir}/ovn-docker-underlay-driver %check %if %{with check} touch resolv.conf export OVS_RESOLV_CONF=$(pwd)/resolv.conf if ! make check TESTSUITEFLAGS='%{_smp_mflags}'; then cat tests/testsuite.log if ! make check TESTSUITEFLAGS='--recheck'; then cat tests/testsuite.log # Presently a test case - "2796: ovn -- ovn-controller incremental processing" # is failing on aarch64 arch. Let's not exit for this arch # until we figure out why it is failing. # Test case 93: ovn.at:12105 ovn -- ACLs on Port Groups is failing # repeatedly on s390x. This needs to be investigated. %ifnarch aarch64 %ifnarch ppc64le %ifnarch s390x exit 1 %endif %endif %endif fi fi %endif %clean rm -rf $RPM_BUILD_ROOT %pre central if [ $1 -eq 1 ] ; then # Package install. /bin/systemctl status ovn-northd.service >/dev/null ovn_status=$? rpm -ql openvswitch-ovn-central > /dev/null if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then # ovn-northd service is running which means old openvswitch-ovn-central # is already installed and it will be cleaned up. So start ovn-northd # service when posttrans central is called. touch %{_localstatedir}/lib/rpm-state/ovn-northd fi fi %pre host if [ $1 -eq 1 ] ; then # Package install. /bin/systemctl status ovn-controller.service >/dev/null ovn_status=$? rpm -ql openvswitch-ovn-host > /dev/null if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then # ovn-controller service is running which means old # openvswitch-ovn-host is installed and it will be cleaned up. So # start ovn-controller service when posttrans host is called. touch %{_localstatedir}/lib/rpm-state/ovn-controller fi fi %pre vtep if [ $1 -eq 1 ] ; then # Package install. /bin/systemctl status ovn-controller-vtep.service >/dev/null ovn_status=$? rpm -ql openvswitch-ovn-vtep > /dev/null if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then # ovn-controller-vtep service is running which means old # openvswitch-ovn-vtep is installed and it will be cleaned up. So # start ovn-controller-vtep service when posttrans host is called. touch %{_localstatedir}/lib/rpm-state/ovn-controller-vtep fi fi %preun central %if 0%{?systemd_preun:1} %systemd_preun ovn-northd.service %else if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable ovn-northd.service >/dev/null 2>&1 || : /bin/systemctl stop ovn-northd.service >/dev/null 2>&1 || : fi %endif %preun host %if 0%{?systemd_preun:1} %systemd_preun ovn-controller.service %else if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable ovn-controller.service >/dev/null 2>&1 || : /bin/systemctl stop ovn-controller.service >/dev/null 2>&1 || : fi %endif %preun vtep %if 0%{?systemd_preun:1} %systemd_preun ovn-controller-vtep.service %else if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable ovn-controller-vtep.service >/dev/null 2>&1 || : /bin/systemctl stop ovn-controller-vtep.service >/dev/null 2>&1 || : fi %endif %post %if %{with libcapng} if [ $1 -eq 1 ]; then sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/ovn fi %endif %post central %if 0%{?systemd_post:1} %systemd_post ovn-northd.service %else # Package install, not upgrade if [ $1 -eq 1 ]; then /bin/systemctl daemon-reload >dev/null || : fi %endif %post host %if 0%{?systemd_post:1} %systemd_post ovn-controller.service %else # Package install, not upgrade if [ $1 -eq 1 ]; then /bin/systemctl daemon-reload >dev/null || : fi %endif %post vtep %if 0%{?systemd_post:1} %systemd_post ovn-controller-vtep.service %else # Package install, not upgrade if [ $1 -eq 1 ]; then /bin/systemctl daemon-reload >dev/null || : fi %endif %postun %postun central %if 0%{?systemd_postun_with_restart:1} %systemd_postun_with_restart ovn-northd.service %else /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart ovn-northd.service >/dev/null 2>&1 || : fi %endif %postun host %if 0%{?systemd_postun_with_restart:1} %systemd_postun_with_restart ovn-controller.service %else /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart ovn-controller.service >/dev/null 2>&1 || : fi %endif %postun vtep %if 0%{?systemd_postun_with_restart:1} %systemd_postun_with_restart ovn-controller-vtep.service %else /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart ovn-controller-vtep.service >/dev/null 2>&1 || : fi %endif %posttrans central if [ $1 -eq 1 ]; then # Package install, not upgrade if [ -e %{_localstatedir}/lib/rpm-state/ovn-northd ]; then rm %{_localstatedir}/lib/rpm-state/ovn-northd /bin/systemctl start ovn-northd.service >/dev/null 2>&1 || : fi fi %posttrans host if [ $1 -eq 1 ]; then # Package install, not upgrade if [ -e %{_localstatedir}/lib/rpm-state/ovn-controller ]; then rm %{_localstatedir}/lib/rpm-state/ovn-controller /bin/systemctl start ovn-controller.service >/dev/null 2>&1 || : fi fi %posttrans vtep if [ $1 -eq 1 ]; then # Package install, not upgrade if [ -e %{_localstatedir}/lib/rpm-state/ovn-controller-vtep ]; then rm %{_localstatedir}/lib/rpm-state/ovn-controller-vtep /bin/systemctl start ovn-controller-vtep.service >/dev/null 2>&1 || : fi fi %files %{_bindir}/ovn-nbctl %{_bindir}/ovn-sbctl %{_bindir}/ovn-trace %{_bindir}/ovn-detrace %{_bindir}/ovn-appctl %{_bindir}/ovn-ic-nbctl %{_bindir}/ovn-ic-sbctl %dir %{_datadir}/ovn/ %dir %{_datadir}/ovn/scripts/ %{_datadir}/ovn/scripts/ovn-ctl %{_datadir}/ovn/scripts/ovn-lib %{_datadir}/ovn/scripts/ovndb-servers.ocf %{_mandir}/man8/ovn-ctl.8* %{_mandir}/man8/ovn-appctl.8* %{_mandir}/man8/ovn-nbctl.8* %{_mandir}/man8/ovn-ic-nbctl.8* %{_mandir}/man8/ovn-trace.8* %{_mandir}/man1/ovn-detrace.1* %{_mandir}/man7/ovn-architecture.7* %{_mandir}/man8/ovn-sbctl.8* %{_mandir}/man8/ovn-ic-sbctl.8* %{_mandir}/man5/ovn-nb.5* %{_mandir}/man5/ovn-ic-nb.5* %{_mandir}/man5/ovn-sb.5* %{_mandir}/man5/ovn-ic-sb.5* %dir %{ovnlibdir}/ocf/resource.d/ovn/ %{ovnlibdir}/ocf/resource.d/ovn/ovndb-servers %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/logrotate.d/ovn %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/ovn %files central %{_bindir}/ovn-northd %{_bindir}/ovn-ic %{_mandir}/man8/ovn-northd.8* %{_mandir}/man8/ovn-ic.8* %{_datadir}/ovn/ovn-nb.ovsschema %{_datadir}/ovn/ovn-ic-nb.ovsschema %{_datadir}/ovn/ovn-sb.ovsschema %{_datadir}/ovn/ovn-ic-sb.ovsschema %{_unitdir}/ovn-northd.service %{ovnlibdir}/firewalld/services/ovn-central-firewall-service.xml %files host %{_bindir}/ovn-controller %{_mandir}/man8/ovn-controller.8* %{_unitdir}/ovn-controller.service %{ovnlibdir}/firewalld/services/ovn-host-firewall-service.xml %files vtep %{_bindir}/ovn-controller-vtep %{_mandir}/man8/ovn-controller-vtep.8* %{_unitdir}/ovn-controller-vtep.service %changelog * Tue Jul 27 2021 Numan Siddique - 21.06.0-17 - ovn-controller: Split logical flow and physical flow processing. (#1986484) [Gerrit: 6e1e90064ad1f5769fdc96e3b735ee236c30b7e2] [Upstream: ceb12c9190a124c70bc938e8e1bea17612b498be] * Tue Jul 27 2021 Dumitru Ceara - 21.06.0-16 - ovn.at: Fix "Symmetric IPv6 ECMP reply flows" test. [Gerrit: 801f6c69c3bb45f981135ac6c197fdbd3f18118d] [Upstream: 4e6c498068dc4fa9546d3661f78f0a42e99c74bb] * Tue Jul 27 2021 Dumitru Ceara - 21.06.0-15 - ovn-controller: Handle DNAT/no-NAT conntrack tuple collisions. (#1939676) [Gerrit: abfd62cb228b7d311ae7cae18adfe9cfcf68affc] [Upstream: 58683a4271e6a885f2f2aea27f3df88e69a5c388] * Tue Jul 27 2021 Dumitru Ceara - 21.06.0-14 - ovn-controller: Detect OVS datapath capabilities. [Gerrit: ca1df0396e6e6eb016c3cad82db7c49cc05ec99a] [Upstream: 56e2cd3a2f06b79b7d57cc8637fc0d258652aff5] * Mon Jul 26 2021 Lorenzo Bianconi - 21.06.0-13 - northd: do not centralize traffic for unclaimed virtual ports [Gerrit: 5b6826906a76779b527d72d1c49d211ce492e62e] [Upstream: N/A] * Thu Jul 15 2021 Ihar Hrachyshka - 21.06.0-12 - Don't suppress localport traffic directed to external port (#1974062) [Gerrit: 330e6e7400e1d5e4e6ef4fc6446eeaa945ac6a13] [Upstream: 1148580290d0ace803f20aeaa0241dd51c100630] * Thu Jul 15 2021 Dumitru Ceara - 21.06.0-11 - northd: Fix multicast table full comparison. (#1979870) [Gerrit: 38f44df1b8a0ed1ebb86183de29d9e5c3423abdb] [Upstream: 969c98d7297b526c704c6fd2a7138f584f9ad577] * Thu Jul 15 2021 Dumitru Ceara - 21.06.0-10 - northd-ddlog: Fix IP family match for DNAT flows. [Gerrit: 518ea2e15df2c77fc19afe74b68d616983638743] [Upstream: 38467229905bdf09a3afa325eaa7a98183f44c72] * Thu Jul 15 2021 Ihar Hrachyshka - 21.06.0-9 - Disable ARP/NA responders for vlan-passthru switches [Gerrit: 56fbcfaf71d9a6df0b4cdee583c8d17ca7a82aab] [Upstream: ea57f666f6eef1eb1d578f0e975baa14c5d23ec9] * Thu Jul 15 2021 Ben Pfaff - 21.06.0-8 - tests: Fix "vlan traffic for external network with distributed..." [Gerrit: ca26e77c4206a39ae6eab4a1d430ef04b726b640] [Upstream: 5453cc8ca5535e3f33d1b191929e1a3c9ad30f20] * Thu Jul 15 2021 Dumitru Ceara - 21.06.0-7 - ovn-controller: Fix port group I-P when they contain non-vif ports. [Gerrit: 3c7f29238c889b248155cbb2c866c0adbf8b46c1] [Upstream: 1bb32e0f8146d7f4fff84af5e3d2836ebe939e04] * Thu Jul 15 2021 Numan Siddique - 21.06.0-6 - system-tests: Fix the test file. [Gerrit: 85337cec3f2e5967a14afc5a552ac17dff6c15f6] [Upstream: 9c1978300fa12709e01df07ed8403d8ad43f61fb] * Thu Jul 15 2021 Mark Michelson - 21.06.0-5 - northd: Swap src and dst eth addresses in router egress loop. [Gerrit: 86207fcac41b639d14de05e1b0965ad9d8293218] [Upstream: 9be470dc69daf16ac1fbbe13cc295f46862226ad] * Tue Jun 29 2021 Han Zhou - 21.06.0-4 - ovn.at: Fix test "virtual ports -- ovn-northd-ddlog". [Gerrit: d61cfca4cadca33e598ba1a23cfdbe81a72d3501] [Upstream: 9e3404e03620f183adc4f05db13bf5a38618b757]