# Copyright (C) 2009, 2010, 2013, 2014 Nicira Networks, Inc. # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright # notice and this notice are preserved. This file is offered as-is, # without warranty of any kind. # # If tests have to be skipped while building, specify the '--without check' # option. For example: # rpmbuild -bb --without check rhel/openvswitch-fedora.spec # This defines the base package name's version. %define pkgver 2.13 %define pkgname ovn22.09 # If libcap-ng isn't available and there is no need for running OVS # as regular user, specify the '--without libcapng' %bcond_without libcapng # Enable PIE, bz#955181 %global _hardened_build 1 # RHEL-7 doesn't define _rundir macro yet # Fedora 15 onwards uses /run as _rundir %if 0%{!?_rundir:1} %define _rundir /run %endif # Build python2 (that provides python) and python3 subpackages on Fedora # Build only python3 (that provides python) subpackage on RHEL8 # Build only python subpackage on RHEL7 %if 0%{?rhel} > 7 || 0%{?fedora} # On RHEL8 Sphinx is included in buildroot %global external_sphinx 1 %else # Don't use external sphinx (RHV doesn't have optional repositories enabled) %global external_sphinx 0 %endif # We would see rpmlinit error - E: hardcoded-library-path in '% {_prefix}/lib'. # But there is no solution to fix this. Using {_lib} macro will solve the # rpmlink error, but will install the files in /usr/lib64/. # OVN pacemaker ocf script file is copied in /usr/lib/ocf/resource.d/ovn/ # and we are not sure if pacemaker looks into this path to find the # OVN resource agent script. %global ovnlibdir %{_prefix}/lib Name: %{pkgname} Summary: Open Virtual Network support Group: System Environment/Daemons URL: http://www.ovn.org/ Version: 22.09.0 Release: 11%{?commit0:.%{date}git%{shortcommit0}}%{?dist} Provides: openvswitch%{pkgver}-ovn-common = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: openvswitch%{pkgver}-ovn-common < 2.11.0-1 # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL License: ASL 2.0 and LGPLv2+ and SISSL # Always pull an upstream release, since this is what we rebase to. Source: https://github.com/ovn-org/ovn/archive/v%{version}.tar.gz#/ovn-%{version}.tar.gz %define ovscommit 64b79581be012db6053e9caead4090f5becbc3b8 %define ovsshortcommit 64b7958 Source10: https://github.com/openvswitch/ovs/archive/%{ovscommit}.tar.gz#/openvswitch-%{ovsshortcommit}.tar.gz %define ovsdir ovs-%{ovscommit} %define docutilsver 0.12 %define pygmentsver 1.4 %define sphinxver 1.1.3 Source100: https://pypi.io/packages/source/d/docutils/docutils-%{docutilsver}.tar.gz Source101: https://pypi.io/packages/source/P/Pygments/Pygments-%{pygmentsver}.tar.gz Source102: https://pypi.io/packages/source/S/Sphinx/Sphinx-%{sphinxver}.tar.gz Source500: configlib.sh Source501: gen_config_group.sh Source502: set_config.sh # Important: source503 is used as the actual copy file # @TODO: this causes a warning - fix it? Source504: arm64-armv8a-linuxapp-gcc-config Source505: ppc_64-power8-linuxapp-gcc-config Source506: x86_64-native-linuxapp-gcc-config Patch: %{pkgname}.patch # FIXME Sphinx is used to generate some manpages, unfortunately, on RHEL, it's # in the -optional repository and so we can't require it directly since RHV # doesn't have the -optional repository enabled and so TPS fails %if %{external_sphinx} BuildRequires: python3-sphinx %else # Sphinx dependencies BuildRequires: python-devel BuildRequires: python-setuptools #BuildRequires: python2-docutils BuildRequires: python-jinja2 BuildRequires: python-nose #BuildRequires: python2-pygments # docutils dependencies BuildRequires: python-imaging # pygments dependencies BuildRequires: python-nose %endif BuildRequires: gcc gcc-c++ make BuildRequires: autoconf automake libtool BuildRequires: systemd-units openssl openssl-devel BuildRequires: python3-devel python3-setuptools BuildRequires: desktop-file-utils BuildRequires: groff-base graphviz BuildRequires: unbound-devel # make check dependencies BuildRequires: procps-ng %if 0%{?rhel} == 8 || 0%{?fedora} BuildRequires: python3-pyOpenSSL %endif BuildRequires: tcpdump %if %{with libcapng} BuildRequires: libcap-ng libcap-ng-devel %endif Requires: hostname openssl iproute module-init-tools Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units # to skip running checks, pass --without check %bcond_without check %description OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. %package central Summary: Open Virtual Network support License: ASL 2.0 Requires: %{pkgname} Requires: firewalld-filesystem Provides: openvswitch%{pkgver}-ovn-central = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: openvswitch%{pkgver}-ovn-central < 2.11.0-1 %description central OVN DB servers and ovn-northd running on a central node. %package host Summary: Open Virtual Network support License: ASL 2.0 Requires: %{pkgname} Requires: firewalld-filesystem Provides: openvswitch%{pkgver}-ovn-host = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: openvswitch%{pkgver}-ovn-host < 2.11.0-1 %description host OVN controller running on each host. %package vtep Summary: Open Virtual Network support License: ASL 2.0 Requires: %{pkgname} Provides: openvswitch%{pkgver}-ovn-vtep = %{?epoch:%{epoch}:}%{version}-%{release} Obsoletes: openvswitch%{pkgver}-ovn-vtep < 2.11.0-1 %description vtep OVN vtep controller %prep %autosetup -n ovn-%{version} -a 10 -p 1 %build %if 0%{?commit0:1} # fix the snapshot unreleased version to be the released one. sed -i.old -e "s/^AC_INIT(openvswitch,.*,/AC_INIT(openvswitch, %{version},/" configure.ac %endif ./boot.sh # OVN source code is now separate. # Build openvswitch first. # XXX Current openvswitch2.13 doesn't # use "2.13.0" for version. It's a commit hash pushd %{ovsdir} ./boot.sh %configure \ %if %{with libcapng} --enable-libcapng \ %else --disable-libcapng \ %endif --enable-ssl \ --with-pkidir=%{_sharedstatedir}/openvswitch/pki make %{?_smp_mflags} popd # Build OVN. # XXX OVS version needs to be updated when ovs2.13 is updated. %configure \ --with-ovs-source=$PWD/%{ovsdir} \ %if %{with libcapng} --enable-libcapng \ %else --disable-libcapng \ %endif --enable-ssl \ --with-pkidir=%{_sharedstatedir}/openvswitch/pki make %{?_smp_mflags} %install %make_install install -p -D -m 0644 \ rhel/usr_share_ovn_scripts_systemd_sysconfig.template \ $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/ovn for service in ovn-controller ovn-controller-vtep ovn-northd; do install -p -D -m 0644 \ rhel/usr_lib_systemd_system_${service}.service \ $RPM_BUILD_ROOT%{_unitdir}/${service}.service done install -d -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/ovn install -d $RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/ install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \ $RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/ovn-central-firewall-service.xml install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \ $RPM_BUILD_ROOT%{ovnlibdir}/firewalld/services/ovn-host-firewall-service.xml install -d -m 0755 $RPM_BUILD_ROOT%{ovnlibdir}/ocf/resource.d/ovn ln -s %{_datadir}/ovn/scripts/ovndb-servers.ocf \ $RPM_BUILD_ROOT%{ovnlibdir}/ocf/resource.d/ovn/ovndb-servers install -p -D -m 0644 rhel/etc_logrotate.d_ovn \ $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/ovn # remove unneeded files. rm -f $RPM_BUILD_ROOT%{_bindir}/ovs* rm -f $RPM_BUILD_ROOT%{_bindir}/vtep-ctl rm -f $RPM_BUILD_ROOT%{_sbindir}/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man1/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man5/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man5/vtep* rm -f $RPM_BUILD_ROOT%{_mandir}/man7/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man8/ovs* rm -f $RPM_BUILD_ROOT%{_mandir}/man8/vtep* rm -rf $RPM_BUILD_ROOT%{_datadir}/ovn/python rm -f $RPM_BUILD_ROOT%{_datadir}/ovn/scripts/ovs* rm -rf $RPM_BUILD_ROOT%{_datadir}/ovn/bugtool-plugins rm -f $RPM_BUILD_ROOT%{_libdir}/*.a rm -f $RPM_BUILD_ROOT%{_libdir}/*.la rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*.pc rm -f $RPM_BUILD_ROOT%{_includedir}/ovn/* rm -f $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash rm -f $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d/ovs-vsctl-bashcomp.bash rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/openvswitch rm -f $RPM_BUILD_ROOT%{_datadir}/ovn/scripts/ovn-bugtool* rm -f $RPM_BUILD_ROOT/%{_bindir}/ovn-docker-overlay-driver \ $RPM_BUILD_ROOT/%{_bindir}/ovn-docker-underlay-driver %check %if %{with check} touch resolv.conf export OVS_RESOLV_CONF=$(pwd)/resolv.conf if ! make check TESTSUITEFLAGS='%{_smp_mflags}'; then cat tests/testsuite.log if ! make check TESTSUITEFLAGS='--recheck'; then cat tests/testsuite.log # Presently a test case - "2796: ovn -- ovn-controller incremental processing" # is failing on aarch64 arch. Let's not exit for this arch # until we figure out why it is failing. # Test case 93: ovn.at:12105 ovn -- ACLs on Port Groups is failing # repeatedly on s390x. This needs to be investigated. %ifnarch aarch64 %ifnarch ppc64le %ifnarch s390x exit 1 %endif %endif %endif fi fi %endif %clean rm -rf $RPM_BUILD_ROOT %pre central if [ $1 -eq 1 ] ; then # Package install. /bin/systemctl status ovn-northd.service >/dev/null ovn_status=$? rpm -ql openvswitch-ovn-central > /dev/null if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then # ovn-northd service is running which means old openvswitch-ovn-central # is already installed and it will be cleaned up. So start ovn-northd # service when posttrans central is called. touch %{_localstatedir}/lib/rpm-state/ovn-northd fi fi %pre host if [ $1 -eq 1 ] ; then # Package install. /bin/systemctl status ovn-controller.service >/dev/null ovn_status=$? rpm -ql openvswitch-ovn-host > /dev/null if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then # ovn-controller service is running which means old # openvswitch-ovn-host is installed and it will be cleaned up. So # start ovn-controller service when posttrans host is called. touch %{_localstatedir}/lib/rpm-state/ovn-controller fi fi %pre vtep if [ $1 -eq 1 ] ; then # Package install. /bin/systemctl status ovn-controller-vtep.service >/dev/null ovn_status=$? rpm -ql openvswitch-ovn-vtep > /dev/null if [[ "$?" = "0" && "$ovn_status" = "0" ]]; then # ovn-controller-vtep service is running which means old # openvswitch-ovn-vtep is installed and it will be cleaned up. So # start ovn-controller-vtep service when posttrans host is called. touch %{_localstatedir}/lib/rpm-state/ovn-controller-vtep fi fi %preun central %if 0%{?systemd_preun:1} %systemd_preun ovn-northd.service %else if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable ovn-northd.service >/dev/null 2>&1 || : /bin/systemctl stop ovn-northd.service >/dev/null 2>&1 || : fi %endif %preun host %if 0%{?systemd_preun:1} %systemd_preun ovn-controller.service %else if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable ovn-controller.service >/dev/null 2>&1 || : /bin/systemctl stop ovn-controller.service >/dev/null 2>&1 || : fi %endif %preun vtep %if 0%{?systemd_preun:1} %systemd_preun ovn-controller-vtep.service %else if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable ovn-controller-vtep.service >/dev/null 2>&1 || : /bin/systemctl stop ovn-controller-vtep.service >/dev/null 2>&1 || : fi %endif %post %if %{with libcapng} if [ $1 -eq 1 ]; then sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' %{_sysconfdir}/sysconfig/ovn sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/ovn fi %endif %post central %if 0%{?systemd_post:1} %systemd_post ovn-northd.service %else # Package install, not upgrade if [ $1 -eq 1 ]; then /bin/systemctl daemon-reload >dev/null || : fi %endif %post host %if 0%{?systemd_post:1} %systemd_post ovn-controller.service %else # Package install, not upgrade if [ $1 -eq 1 ]; then /bin/systemctl daemon-reload >dev/null || : fi %endif %post vtep %if 0%{?systemd_post:1} %systemd_post ovn-controller-vtep.service %else # Package install, not upgrade if [ $1 -eq 1 ]; then /bin/systemctl daemon-reload >dev/null || : fi %endif %postun %postun central %if 0%{?systemd_postun_with_restart:1} %systemd_postun_with_restart ovn-northd.service %else /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart ovn-northd.service >/dev/null 2>&1 || : fi %endif %postun host %if 0%{?systemd_postun_with_restart:1} %systemd_postun_with_restart ovn-controller.service %else /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart ovn-controller.service >/dev/null 2>&1 || : fi %endif %postun vtep %if 0%{?systemd_postun_with_restart:1} %systemd_postun_with_restart ovn-controller-vtep.service %else /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then # Package upgrade, not uninstall /bin/systemctl try-restart ovn-controller-vtep.service >/dev/null 2>&1 || : fi %endif %posttrans central if [ $1 -eq 1 ]; then # Package install, not upgrade if [ -e %{_localstatedir}/lib/rpm-state/ovn-northd ]; then rm %{_localstatedir}/lib/rpm-state/ovn-northd /bin/systemctl start ovn-northd.service >/dev/null 2>&1 || : fi fi %posttrans host if [ $1 -eq 1 ]; then # Package install, not upgrade if [ -e %{_localstatedir}/lib/rpm-state/ovn-controller ]; then rm %{_localstatedir}/lib/rpm-state/ovn-controller /bin/systemctl start ovn-controller.service >/dev/null 2>&1 || : fi fi %posttrans vtep if [ $1 -eq 1 ]; then # Package install, not upgrade if [ -e %{_localstatedir}/lib/rpm-state/ovn-controller-vtep ]; then rm %{_localstatedir}/lib/rpm-state/ovn-controller-vtep /bin/systemctl start ovn-controller-vtep.service >/dev/null 2>&1 || : fi fi %files %{_bindir}/ovn-nbctl %{_bindir}/ovn-sbctl %{_bindir}/ovn-trace %{_bindir}/ovn-detrace %{_bindir}/ovn_detrace.py %{_bindir}/ovn-appctl %{_bindir}/ovn-ic-nbctl %{_bindir}/ovn-ic-sbctl %dir %{_datadir}/ovn/ %dir %{_datadir}/ovn/scripts/ %{_datadir}/ovn/scripts/ovn-ctl %{_datadir}/ovn/scripts/ovn-lib %{_datadir}/ovn/scripts/ovndb-servers.ocf %{_mandir}/man8/ovn-ctl.8* %{_mandir}/man8/ovn-appctl.8* %{_mandir}/man8/ovn-nbctl.8* %{_mandir}/man8/ovn-ic-nbctl.8* %{_mandir}/man8/ovn-trace.8* %{_mandir}/man1/ovn-detrace.1* %{_mandir}/man7/ovn-architecture.7* %{_mandir}/man8/ovn-sbctl.8* %{_mandir}/man8/ovn-ic-sbctl.8* %{_mandir}/man5/ovn-nb.5* %{_mandir}/man5/ovn-ic-nb.5* %{_mandir}/man5/ovn-sb.5* %{_mandir}/man5/ovn-ic-sb.5* %dir %{ovnlibdir}/ocf/resource.d/ovn/ %{ovnlibdir}/ocf/resource.d/ovn/ovndb-servers %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/logrotate.d/ovn %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/ovn %files central %{_bindir}/ovn-northd %{_bindir}/ovn-ic %{_mandir}/man8/ovn-northd.8* %{_mandir}/man8/ovn-ic.8* %{_datadir}/ovn/ovn-nb.ovsschema %{_datadir}/ovn/ovn-ic-nb.ovsschema %{_datadir}/ovn/ovn-sb.ovsschema %{_datadir}/ovn/ovn-ic-sb.ovsschema %{_unitdir}/ovn-northd.service %{ovnlibdir}/firewalld/services/ovn-central-firewall-service.xml %files host %{_bindir}/ovn-controller %{_mandir}/man8/ovn-controller.8* %{_unitdir}/ovn-controller.service %{ovnlibdir}/firewalld/services/ovn-host-firewall-service.xml %files vtep %{_bindir}/ovn-controller-vtep %{_mandir}/man8/ovn-controller-vtep.8* %{_unitdir}/ovn-controller-vtep.service %changelog * Thu Oct 20 2022 Xavier Simonart - 22.09.0-11 - ovs: Bump submodule to tip of branch-3.0 and add related test (#2126450) [Upstream: c18415d5ae7273c633190df4ac9e872a0a0f9709] * Wed Oct 05 2022 Lorenzo Bianconi - 22.09.0-10 - controller: fix ipv6 prefix delegation in gw router mode (#2129244 2129247) [Upstream: f2042a2e6aeb1a7fe266316337545331f5186dd0] * Wed Oct 05 2022 Vladislav Odintsov - 22.09.0-9 - spec: require python3-openvswitch for ovn-detrace [Upstream: 29e4d43966fbf34d9707e31880c455f22a643bb3] * Mon Oct 03 2022 Mark Michelson - 22.09.0-8 - northd: Use separate SNAT for already-DNATted traffic. [Upstream: 51044dbfdba234a3f50d8c9c952335e41b72a39b] * Fri Sep 30 2022 Ales Musil - 22.09.0-7 - controller: Restore MAC and vlan for DVR scenario (#2123837) [Upstream: 86e99bf95a2191ebdcd5d03335ff8add2a636f55] * Fri Sep 30 2022 Xavier Simonart - 22.09.0-6 - northd: Fix multicast table full (#2094710) [Upstream: 40dd85eb8d2d2d88f9000b6be6fb263b4bd1a27f] * Tue Sep 27 2022 Xavier Simonart - 22.09.0-5 - controller: Fix first ping from lsp to external through snat failing (#2130045) [Upstream: 76a01e53a9fcc3184211cca10787d462cb86a352] * Fri Sep 16 2022 Mark Michelson - 22.09.0-4 - Prepare for 22.09.1. [Upstream: 854c2b1a4ba9ef35e03348d1bd4fc8265f3f74a3]