OPENVSWITCH LTS IN CENTOS 6

As some visitors have asked me about installing Open vSwitch on CentOS 6, I’m writing the following post after my first about it almos three years ago. If you find a better way, please let me know so I update the post and remove useless info from the Internet 😉

I’ve found this repository by Alexander Evseev so you may try to use the openvswitch packages (you even have the kmod package) found there. Have a look: http://download.opensuse.org/repositories/home:/aevseev/CentOS6/x86_64/

In any case… I’ll show you what you can do to generate your own RPM packages the old way (no python api supported as it requires Python 2.7 while CentOS 6 uses Python 2.6):

Current LTS version: 2.5.0
Tested on: CentOS 6.8

Let’s start installing some packages:

yum -y install wget openssl-devel gcc make python-devel openssl-devel kernel-devel graphviz kernel-debug-devel autoconf automake rpm-build redhat-rpm-config libtool python-twisted-core python-zope-interface PyQt4 desktop-file-utils libcap-ng-devel groff checkpolicy selinux-policy-devel

Let’s add a new user and switch to that user:

adduser ovs; su - ovs

Let’s prepare the build environment and download the source code:

mkdir -p ~/rpmbuild/SOURCES
wget http://openvswitch.org/releases/openvswitch-2.5.0.tar.gz
cp openvswitch-2.5.0.tar.gz ~/rpmbuild/SOURCES/
tar xfz openvswitch-2.5.0.tar.gz

Now go to the openvswitch directory

cd openvswitch-2.5.0

Let’s modify some lines in the old rhel6 spec file provided by Nicira (copy and paste):

sed -i "s/Requires: logrotate, python >= 2.7/Requires: logrotate/" rhel/openvswitch.spec
sed -i "/$RPM_BUILD_ROOT\/usr\/bin\/ovs-test/d" rhel/openvswitch.spec
sed -i "/$RPM_BUILD_ROOT\/usr\/bin\/ovs-l3ping/d" rhel/openvswitch.spec
sed -i "/\/usr\/bin\/ovs-parse-backtrace/d" rhel/openvswitch.spec
sed -i "/\/usr\/bin\/ovs-pcap/d" rhel/openvswitch.spec
sed -i "/\/usr\/bin\/ovs-tcpundump/d" rhel/openvswitch.spec
sed -i "/\/usr\/bin\/ovs-vlan-test/d" rhel/openvswitch.spec
sed -i "/\/usr\/share\/man\/man8\/ovs-bugtool.8.gz/d" rhel/openvswitch.spec
sed -i "/\/usr\/share\/openvswitch\/bugtool-plugins/d" rhel/openvswitch.spec
sed -i "/\/usr\/share\/openvswitch\/scripts\/ovs-bugtool-*/d" rhel/openvswitch.spec
sed -i "/\/usr\/share\/openvswitch\/python/d" rhel/openvswitch.spec
sed -i "/\/usr\/share\/openvswitch\/scripts\/ovs-bugtool-*/d" rhel/openvswitch.spec
sed -i "/\/usr\/bin\/ovs-dpctl-top/d" rhel/openvswitch.spec
sed -i "/\/usr\/sbin\/ovs-bugtool/d" rhel/openvswitch.spec
echo "/usr/bin/ovs-testcontroller" >> rhel/openvswitch.spec

Finally let’s build the RPM packages… and have a cup of coffee as tests are being run! At least you can tell if it works… 😛

rpmbuild -bb rhel/openvswitch.spec

Once the build is finished, type exit.

exit

CentOS 6 already provides an openvswitch kernel module, so we’ve only compiled the binary tools.

[root@localhost ~]# modinfo openvswitch
filename: /lib/modules/2.6.32-642.3.1.el6.x86_64/kernel/net/openvswitch/openvswitch.ko
license: GPL
description: Open vSwitch switching datapath
srcversion: 00938868C288DBF055E30F3
depends: libcrc32c,vxlan
vermagic: 2.6.32-642.3.1.el6.x86_64 SMP mod_unload modversions

As root, we’ll install the RPM package.

 yum localinstall /home/ovs/rpmbuild/RPMS/x86_64/openvswitch-2.5.0-1.x86_64.rpm -y

Finally, start the openvswitch service and check that it’s running

service openvswitch start
...output...
/etc/openvswitch/conf.db does not exist ... (warning).
Creating empty database /etc/openvswitch/conf.db [ OK ]
Starting ovsdb-server [ OK ]
Configuring Open vSwitch system IDs [ OK ]
Inserting openvswitch module [ OK ]
Starting ovs-vswitchd [ OK ]
Enabling remote OVSDB managers [ OK ]

service openvswitch status
...output...
ovsdb-server is running with pid 3404
ovs-vswitchd is running with pid 3416

If you want the openvswitch service to start at boot time:

chkconfig openvswitch on

Let’s check that the command-line tools are ready:

ovs-vsctl -V
...output...
ovs-vsctl (Open vSwitch) 2.5.0
Compiled Aug 31 2016 19:54:41
DB Schema 7.12.1

Done. I can’t be sure if it will work for you as I haven’t been using Open vSwitch with CentOS 6 for a long time… so any feedback is welcomed!

Cheers!

Some errors you could face when configuring SSL encryption between your Floodlight controller and Openvswitch

Hi there!
Floodlight controller’s documentation provides an awesome article explaining how to use SSL to encrypt OpenFlow connections between your Floodlight controller and your Openvswich virtual switches. Please, read it, it helped me to continue with my current Floodlight testing.

If you follow the steps provided, you shouldn’t find any problem… however sometimes we read too fast or we forget something important and things don’t work as expected :-D. Just in case, I’ve compiled some problems and solutions when configuring SSL to secure OpenFlow communication.

—

Problem #1: Unknown wire version: 22

In your Floodlight controller’s log (e.g /var/log/floodlight/floodlight.log) you may find the following message:

ERROR [New I/O worker #12] n.f.c.i.OFChannelHandler [OFChannelHandler.java:731] Illegal argument exception with switch [? from …]. java.lang.IllegalArgumentException: Unknown wire version: 22

Solution: Well.. Have you added/edited the following line in your floodlightdefault.properties file?

net.floodlightcontroller.core.internal.OFSwitchManager.useSsl=YES

Try adding that and restart your controller…

—

Problem #2:  Exception initializing SSL OpenFlow socket: /path/to/your/keystore-file.jks (No such file or directory)

Solution: That’s an easy one!, have you specified where’s your keystore file?

Please be sure to set the keystore location and password in your floodlightdefault.properties configuration file changing these lines:

net.floodlightcontroller.core.internal.OFSwitchManager.keyStorePath=/path/to/your/keystore-file.jks
net.floodlightcontroller.core.internal.OFSwitchManager.keyStorePassword=your-keystore-password

—

Problem #3:  Exception initializing SSL OpenFlow socket: /path/to/your/keystore-file.jks (No such file or directory)

Have you added (imported) to the keystore the private key associated with the public certificate used by your Floodlight Controller?

—

Problem #4: Disconnecting switch due to message parse failure

If you find a message like “Disconnecting switch [? from X.X.X:X:Y] due to message parse failure org.projectfloodlight.openflow.exceptions.OFParseError: Wrong length: Expected=8(8), got=16” maybe Openvswitch and Floodlight are not speaking the same OpenFlow protocol.

You can try to force the OpenFlow protocol version used by an Openvswitch bridge with the following ovs-vsctl command applied to your bridge (e.g I’ve a bridge named ovs-mgmt0):

ovs-vsctl set Bridge ovs-mgmt0 protocols=OpenFlow13

—

I’m sure you won’t need any of these if following Floodlight’s instructions but if Google sent you here I hope these notes has helped you somehow. Use the comments if you need more help.

Cheers!

CentOS 7 – Installing Openvswitch 2.3.2 LTS

Openvswitch 2.3.2 was released on June 2015 and this post explains how to quickly generate an RPM to install Openvswitch command-line tools. This is a rewrite of my old post. I’ll be using the Openvswitch’s kernel module that comes with CentOS kernel so no kernel module is compiled.

As the root user let’s install some packages and add a new user:

yum -y install wget gcc make python-devel openssl-devel kernel-devel graphviz kernel-debug-devel autoconf automake rpm-build redhat-rpm-config libtool

adduser ovs

su - ovs

Now as the ovs user we’ll generate the rpm file. In this post I’m skipping the rpmbuild tests included with openvswitch as I’m solving some dependency problems.

mkdir -p ~/rpmbuild/SOURCES

wget http://openvswitch.org/releases/openvswitch-2.3.2.tar.gz

cp openvswitch-2.3.2.tar.gz ~/rpmbuild/SOURCES/

tar xfz openvswitch-2.3.2.tar.gz

sed 's/openvswitch-kmod, //g' openvswitch-2.3.2/rhel/openvswitch.spec > openvswitch-2.3.2/rhel/openvswitch_no_kmod.spec

rpmbuild -bb --nocheck openvswitch-2.3.2/rhel/openvswitch_no_kmod.spec

exit

We’ll create the /etc/openvswitch configuration directory:

mkdir /etc/openvswitch

Let’s install the rpm package:

 yum localinstall /home/ovs/rpmbuild/RPMS/x86_64/openvswitch-2.3.2-1.x86_64.rpm

If you’re using SELinux in enfocing mode let’s change some contexts:

yum install policycoreutils-python 

semanage fcontext -a -t openvswitch_rw_t "/etc/openvswitch(/.*)?" 
restorecon -Rv /etc/openvswitch

Start the openvswitch service:

systemctl start openvswitch.service

If you want the openvswitch service to start at boot time:

chkconfig openvswitch on

Let’s check that the command-line tools are ready:

ovs-vsctl -V
ovs-vsctl (Open vSwitch) 2.3.2
Compiled Jun 28 2015 13:01:11
DB Schema 7.6.2

If you’re using SELinux in enfocing mode, if you try to start the service (systemctl start openvswitch.service) you’ll find some errors unless you execute the SELinux commands:

• install: cannot change owner and permissions of ‘/etc/openvswitch’: No such file or directory
• Creating empty database /etc/openvswitch/conf.db ovsdb-tool: I/O error: /etc/openvswitch/conf.db: failed to lock lockfile (No such file or directory).

If you run the ovs-vsctl show command and you receive the following error, please check that your Openvswitch service has been started (systemctl start openvswitch.service)

• ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)

Done!

CentOS 7 – Installing Openvswitch 2.3.1 LTS

Openvswitch 2.3.1 was released on December 2014 and this post explains how to quickly generate an RPM to install Openvswitch command-line tools. I’ll be using the Openvswitch’s kernel module that comes with CentOS kernel so no kernel module is compiled.

As the root user let’s install some packages and add a new user:

yum -y install wget openssl-devel gcc make python-devel openssl-devel kernel-devel graphviz kernel-debug-devel autoconf automake rpm-build redhat-rpm-config libtool

adduser ovs

su - ovs

Now as the ovs user we’ll generate the rpm file. In this post I’m skipping the rpmbuild tests included with openvswitch as I’m solving some dependency problems.

mkdir -p ~/rpmbuild/SOURCES

wget http://openvswitch.org/releases/openvswitch-2.3.1.tar.gz

cp openvswitch-2.3.1.tar.gz ~/rpmbuild/SOURCES/

tar xfz openvswitch-2.3.1.tar.gz

sed 's/openvswitch-kmod, //g' openvswitch-2.3.1/rhel/openvswitch.spec > openvswitch-2.3.1/rhel/openvswitch_no_kmod.spec

rpmbuild -bb --nocheck ~/openvswitch-2.3.1/rhel/openvswitch_no_kmod.spec

exit

Finally we install the rpm package:

 yum localinstall /home/ovs/rpmbuild/RPMS/x86_64/openvswitch-2.3.1-1.x86_64.rpm

Let’s check that the command-line tools are ready:

ovs-vsctl -V
ovs-vsctl (Open vSwitch) 2.3.1
Compiled Jan 25 2015 02:13:00
DB Schema 7.6.2

UPDATE: If you’re using SELinux in enfocing mode, if you try to start the service (systemctl start openvswitch.service) you’ll find some errors: install: cannot change owner and permissions of ‘/etc/openvswitch’: No such file or directory andCreating empty database /etc/openvswitch/conf.db ovsdb-tool: I/O error: /etc/openvswitch/conf.db: failed to lock lockfile (No such file or directory). This is how I solved them (the commands are executed as root):

yum install policycoreutils-python
mkdir /etc/openvswitch
semanage fcontext -a -t openvswitch_rw_t "/etc/openvswitch(/.*)?"
restorecon -Rv /etc/openvswitch

UPDATE: If you run the ovs-vsctl show command and you receive the following error, please check that your openvswitch service has been started (use systemctl start openvswitch.service)

• ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)

Done!

CentOS 7 – Installing Openvswitch 2.3.0 LTS

Update: If using Openvswitch 2.3.1 LTS please visit my new post.

Well, summer is ending, but the summer brought us CentOS 7 and Openvswitch 2.3 Long-Term Support.

Openvswitch’s kernel module is already available in CentOS 7’s 3.10 kernel (also for CentOS 6) so this time I’m only preparing the rpm package to install the command-line tools (e.g ovs-vsctl). I’ve found some issues with CentOS 7 and Openvswitch 2.3.0 version but maybe they will be solved in the future and the rpm generation will be easy as always thanks to Nicira. In any case I’m offering you this post, maybe it can help you.

Let’s start. For the first part we’re creating a user and downloading openvswitch as we’ve done with previous Openvswitch releases.

[root@herge ~] yum -y install wget openssl-devel kernel-devel
[root@herge ~] yum groupinstall "Development Tools"
[root@herge ~] adduser ovswitch
[root@herge ~] su - ovswitch
[ovswitch@herge ~]$ wget http://openvswitch.org/releases/openvswitch-2.3.0.tar.gz
[ovswitch@herge ~]$ tar xfz openvswitch-2.3.0.tar.gz
[ovswitch@herge ~]$ mkdir -p ~/rpmbuild/SOURCES

Now we’re removing the openvswitch-kmod package dependency from the spec file offered by Nicira and create a new spec file.

[ovswitch@herge ~]$ sed 's/openvswitch-kmod, //g' openvswitch-2.3.0/rhel/openvswitch.spec > openvswitch-2.3.0/rhel/openvswitch_no_kmod.spec

OK. Now we have two options. In the first one I create the package without tests… I don’t like it but if you can’t be patient…. Option 2 is the one I prefer, I’ll try to contact openvswitch developers so they can apply the change I suggest.

1. Let’s create the openvswitch rpm package but we’re going to skip the tests. Be warned I don’t know if openvswitch package will work 100%, I haven’t tested, but the rpm will be generated and you should be able to install it. That’s the end of this option, jump to the final section where we start the openvswitch service.

   [ovswitch@herge ~]$ rpmbuild -bb --without check ~/openvswitch-2.3.0/rhel/openvswitch_no_kmod.spec
   [ovswitch@herge ~]$ exit
   [root@herge ~] yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.3.0-1.x86_64.rpm

2. Let’s create the rpm package but first we’re going to solve the tests issue. If you run the rpmbuild -bb you may find errors about some tests failing. The tests fail because an SSL issue. It seems that ovs-pki tool generates certificates using MD5 which is considered an insecure algorithm and the error: SSL_connect error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm will be logged. We’re going to change a file so we can run the tests, install the package. If you’ve disabled SELinux jump to the final section, if not continue reading.

   [ovswitch@herge ~]$ rm openvswitch-2.3.0.tar.gz
   [ovswitch@herge ~]$ mv openvswitch-2.3.0/utilities/ovs-pki.in openvswitch-2.3.0/utilities/ovs-pki.tmp
   [ovswitch@herge ~]$ sed 's/md5/sha1/g' openvswitch-2.3.0/utilities/ovs-pki.tmp > openvswitch-2.3.0/utilities/ovs-pki.in
   [ovswitch@herge ~]$ tar czvf ~/rpmbuild/SOURCES/openvswitch-2.3.0.tar.gz openvswitch-2.3.0/
   [ovswitch@herge ~]$ rpmbuild -bb ~/openvswitch-2.3.0/rhel/openvswitch_no_kmod.spec
   [ovswitch@herge ~]$ exit
   [root@herge ~] yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.3.0-1.x86_64.rpm

   I like SELinux so I try keep it enabled and play with setroubleshoot and sealert to find a way to solve SELinux issues. If you try to start the service you’ll find some errors: install: cannot change owner and permissions of ‘/etc/openvswitch’: No such file or directory and Creating empty database /etc/openvswitch/conf.db ovsdb-tool: I/O error: /etc/openvswitch/conf.db: failed to lock lockfile (No such file or directory). This is how I solved them:

   [root@herge ~] mkdir /etc/openvswitch
   [root@herge ~] semanage fcontext -a -t openvswitch_rw_t "/etc/openvswitch(/.*)?"
   [root@herge ~] restorecon -Rv /etc/openvswitch

Final section! We’ve created the rpm package so we’re going to start the openvswitch service using systemctl! the new way to start and stop services.

[root@herge ~]# systemctl start openvswitch.service
[root@herge ~]# systemctl -l status openvswitch.service
openvswitch.service - LSB: Open vSwitch switch
Loaded: loaded (/etc/rc.d/init.d/openvswitch)
Active: active (running) since jue 2014-09-04 20:07:02 CEST; 4s ago
Process: 5419 ExecStop=/etc/rc.d/init.d/openvswitch stop (code=exited, status=0/SUCCESS)
Process: 5474 ExecStart=/etc/rc.d/init.d/openvswitch start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openvswitch.service
├─5496 ovsdb-server: monitoring pid 5497 (healthy) 
├─5497 ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach --monitor
├─5506 ovs-vswitchd: monitoring pid 5507 (healthy) 
└─5507 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach --monitor
sep 04 20:07:02 herge.artemit.com.es systemd[1]: Starting LSB: Open vSwitch switch...
sep 04 20:07:02 herge.artemit.com.es openvswitch[5474]: Starting ovsdb-server [ OK ]
sep 04 20:07:02 herge.artemit.com.es ovs-vsctl[5498]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set Open_vSwitch . db-version=7.6.0
sep 04 20:07:02 herge.artemit.com.es ovs-vsctl[5503]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set Open_vSwitch . ovs-version=2.3.0 "external-ids:system-id=\"4f7759f2-19e9-4be0-8960-c19c124a4528\"" "system-type=\"unknown\"" "system-version=\"unknown\""
sep 04 20:07:02 herge.artemit.com.es openvswitch[5474]: Configuring Open vSwitch system IDs [ OK ]
sep 04 20:07:02 herge.artemit.com.es openvswitch[5474]: Starting ovs-vswitchd [ OK ]
sep 04 20:07:02 herge.artemit.com.es openvswitch[5474]: Enabling remote OVSDB managers [ OK ]

And, openvswitch 2.3.0 tools are ready in my CentOS 7 host. If you’ve doubts about using the kernel module and not compiling the openvswitch kernel mode please read the Releases section in the Openvswitch’s FAQ.

Thanks for reading!

“Installing” Floodlight OpenFlow Controller – Debian Wheezy

It’s time to learn new things. I want to use an OpenFlow controller with my OVS switches. Openvswitch already provides “a simple OpenFlow controller reference implementation” (ovs-controller) but I’d like to start with Floodlight. I’m using the official documentation but, as always, I like to share my notes with you:

Floodlight works with Java so we’ll install some packages:

aptitude -y install default-jdk ant git

Let’s download the latest Floodlight stable version and compile the jar:

cd /opt
git clone git://github.com/floodlight/floodlight.git
cd floodlight/
ant

...
dist:
[jar] Building jar: /opt/floodlight/target/floodlight.jar
[jar] Building jar: /opt/floodlight/target/floodlight-test.jar
BUILD SUCCESSFUL
Total time: 25 seconds

We’re going to start Floodlight. The controller by default will listen in the 6633 port.

java -jar target/floodlight.jar
19:53:53.434 INFO [n.f.c.m.FloodlightModuleLoader:main] Loading default modules
19:53:53.827 INFO [n.f.c.i.Controller:main] Controller role set to MASTER
19:53:53.834 INFO [n.f.c.i.Controller:main] Flush switches on reconnect -- Disabled
19:54:03.558 INFO [n.f.l.i.LinkDiscoveryManager:main] Setting autoportfast feature to OFF
19:54:03.779 INFO [o.s.s.i.c.FallbackCCProvider:main] Cluster not yet configured; using fallback local configuration
19:54:03.779 INFO [o.s.s.i.SyncManager:main] [32767] Updating sync configuration ClusterConfig [allNodes={32767=Node [hostname=localhost, port=6642, nodeId=32767, domainId=32767]}, authScheme=CHALLENGE_RESPONSE, keyStorePath=/etc/floodlight/auth_credentials.jceks, keyStorePassword is unset]
19:54:03.853 INFO [o.s.s.i.r.RPCService:main] Listening for internal floodlight RPC on localhost/127.0.0.1:6642
19:54:04.066 INFO [n.f.c.i.Controller:main] Listening for switch connections on 0.0.0.0/0.0.0.0:6633
19:54:09.047 INFO [n.f.j.JythonServer:debugserver-main] Starting DebugServer on :6655

OK, the controller is waiting for connections. Now we’re going to add a new OVS bridge and set the controller for that bridge:

ovs-vsctl add-br br0
ovs-vsctl set-controller br0 tcp:127.0.0.1:6633

Floodlight is being contacted by Openvswitch! 🙂

20:18:24.725 INFO [n.f.c.i.OFChannelHandler:New I/O server worker #2-1] New switch connection from /127.0.0.1:43418
20:18:24.749 INFO [n.f.c.i.OFChannelHandler:New I/O server worker #2-1] Disconnected switch [/127.0.0.1:43418 DPID[?]]
20:18:25.703 INFO [n.f.c.i.OFChannelHandler:New I/O server worker #2-2] New switch connection from /127.0.0.1:43419
20:18:25.728 INFO [n.f.c.i.OFChannelHandler:New I/O server worker #2-2] Switch OFSwitchBase [/127.0.0.1:43419 DPID[00:00:b6:19:eb:08:04:4d]] bound to class class net.floodlightcontroller.core.internal.OFSwitchImpl, writeThrottle=false, description Switch Desc - Vendor: Nicira, Inc. Model: Open vSwitch Make: None Version: 1.9.3 S/N: None
20:18:25.731 INFO [n.f.c.OFSwitchBase:New I/O server worker #2-2] Clearing all flows on switch OFSwitchBase [/127.0.0.1:43419 DPID[00:00:b6:19:eb:08:04:4d]]
20:18:25.734 WARN [n.f.c.i.C.s.notification:main] Switch 00:00:b6:19:eb:08:04:4d connected.

Now thanks to Marist College (SDN Lab) and IBM I’ll use Avior as a Floodlight GUI, visit the webpage to download the 32bit or 64bit version

cd /opt
wget http://openflow.marist.edu/static/download/avior-1.3_linux_x64.jar
java -jar avior-1.3_linux_x64.jar

And here is a screenshot, the OpenVswitch is shown. Great.

This is just the beginning! More in a few days… I’ll update this post including how to add a daemon to start the controller.

Openvswitch 1.9.3 LTS – Debian Wheezy

I’m preparing a lab with two nodes, one with Debian Wheezy and the other one with CentOS 6.5.

I’m not a Debian guy so I hope I’m not doing things wrong, but first of all I’d like to thank again Nicira Inc as I used the information included in the README.Debian included in Openvswitch’s recent versions.

Here are my notes on how I installed Openvswitch 1.9.3 LTS, but first a warning, you may find Openvswitch in the official Debian repositories or from Ubuntu repositories, so use this post if you really can’t find the deb packages on the Internet. I just want to help 🙂

1. Let’s install some development packages. If you have any problems you can try to install the build-essential packages.

   aptitude -y install gcc make automake autoconf debhelper libssl-dev pkg-config python-all python-qt4 python-zopeinterface python-twisted-conch gdebi-core

2. Now we’re going to create a user, and “use” it to prepare the debian packages. Be patient, we need to compile.

3. useradd -s /bin/bash -m openvswitch
   su – openvswitch
   wget http://openvswitch.org/releases/openvswitch-1.9.3.tar.gz
   tar xvfz openvswitch-1.9.3.tar.gz
   mv openvswitch-1.9.3.tar.gz openvswitch_1.9.3.orig.tar.gz
   cd openvswitch-1.9.3/
   dpkg-buildpackage -us -uc
   exit

4. Now as root we are going to install the Debian packages we’ve just created and generate the kernel module. Remember to accept the installations :-):

   gdebi /home/openvswitch/openvswitch-datapath-source_1.9.3-1_all.deb
   module-assistant auto-install openvswitch-datapath
   gdebi /home/openvswitch/openvswitch-common_1.9.3-1_amd64.deb 
   gdebi /home/openvswitch/openvswitch-switch_1.9.3-1_amd64.deb accept to install 
   
   [ ok ] Inserting openvswitch module. 
   [warn] /etc/openvswitch/conf.db does not exist ... (warning). 
   [ ok ] Creating empty database /etc/openvswitch/conf.db. 
   [ ok ] Starting ovsdb-server. 
   [ ok ] Configuring Open vSwitch system IDs. 
   [ ok ] Starting ovs-vswitchd. 

5. And now let’s if openvswitch is ready:

   # ovs-vsctl -V 
   ovs-vsctl (Open vSwitch) 1.9.3 
   Compiled Feb 18 2014 19:20:41
   # ovs-vsctl show 
   859be08b-200c-40dc-9863-0323a655589b 
       ovs_version: "1.9.3"

And… finished, or at least that’s what it seems.

Thanks for reading, and please visit my personal page if you want to hire me… for free.

CentOS 6.5 – Openvswitch 1.9.3 LTS installation

Happy new year!

I’ve just installed CentOS 6.5 and I wanted to use Openvswitch. I’ve succeded installing the 1.9.3 LTS version using the instructions included by Nicira.

#yum install wget openssl-devel
#yum groupinstall "Development Tools"

#adduser ovswitch
#su ovswitch

$cd
$wget http://openvswitch.org/releases/openvswitch-1.9.3.tar.gz
$tar xvfz openvswitch-1.9.3.tar.gz
$cd openvswitch-1.9.3
$mkdir -p /home/ovswitch/rpmbuild/SOURCES
$ cp ../openvswitch-1.9.3.tar.gz /home/ovswitch/rpmbuild/SOURCES/
$cp rhel/openvswitch-kmod.files /home/ovswitch/rpmbuild/SOURCES/
$rpmbuild -bb rhel/openvswitch.spec
$rpmbuild -bb rhel/openvswitch-kmod-rhel6.spec
$exit

#yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/kmod-openvswitch-1.9.3-1.el6.x86_64.rpm
#yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-1.9.3-1.x86_64.rpm

And that’s all, openvswitch 1.9.3 is ready in CentOS 6.5

I’ve tried to use the latest stable version 2.0.0 but I’ve found some problems building the kernel module with netdev:

“error: conflicting types for ‘netdev_features_t'”

It seems that Jesse Gross from Nicira wrote a patch for this problem, but I must be doing something wrong and I can’t get the module built so I’ll try again in a few days and I’ll update this post if I get it working.

Of course you can always use the latest version from Git where that patch must be already applied so I suggest you to read Tyler Bishop’s post about how to use the latest openvswitch’s git version with CentOS 6.5

See ya!

Installing Openvswitch 1.10 on Debian Wheezy

Ok. Now that I’m using Debian again it’s time for Openvswitch. Building a .deb pack for openvswitch it’s very easy thanks to the readme files provided by Openvswitch and Nicira.

We’ll need a few packages first (thanks for the gdebi-core tip):

aptitude -y install gcc make automake autoconf debhelper libssl-dev pkg-config python-all python-qt4 python-zopeinterface python-twisted-conch gdebi-core

I’m building the package as a non root user. I’ll create a directory and download OVS 1.10 version. After that I’ll use dpkg-buildpackage to create the debian package.

mkdir openvswitch
cd openvswitch

wget http://openvswitch.org/releases/openvswitch-1.10.0.tar.gz

tar xvfz openvswitch-1.10.0.tar.gz

mv openvswitch-1.10.0.tar.gz openvswitch_1.10.0.orig.tar.gz

cd openvswitch-1.10.0
dpkg-buildpackage -us -uc
cd ..

Ok, now we’ll use our root account. Go to the directory where you’ve downloaded the openvswitch tar.gz file. We’ll install some debian packages and build the openvswitch kernel module. We’ll use gdebi to solve dependency problems when installing local deb files.

su
gdebi openvswitch-datapath-source_1.10.0-1_all.deb
module-assistant auto-install openvswitch-datapath // Wait a few minutes for compilation to finish
gdebi openvswitch-common_1.10.0-1_amd64.deb
gdebi openvswitch-switch_1.10.0-1_amd64.deb

Let’s try to run a few OVS commands:

# ovs-vsctl -V
ovs-vsctl (Open vSwitch) 1.10.0
Compiled Jun 15 2013 19:23:15

# ovs-vsctl show
b5e96ffe-9cba-426e-a7e8-9dc2abca15e7
 ovs_version: "1.10.0"

# ovs-vsctl add-br brtest0
# ovs-vsctl show
b5e96ffe-9cba-426e-a7e8-9dc2abca15e7
 Bridge "brtest0"
 Port "brtest0"
 Interface "brtest0"
 type: internal
 ovs_version: "1.10.0"

It looks good. This one was easy….

Openvswitch 1.9 – CentOS 6.4

Hi,
I’ve posted about this topic again in case you really need to use Openvswitch 1.9 (LTS version), it worked for me but I can’t guarantee that it’ll work for you, I only try to help. I’ve installed recently the 1.10 version as it’s easier to install.

Ok. CentOS 6.4 already has an openswitch module that you can load with: insmod openvswitch, but you’ll need the binaries to manage openvswitch.

The first thing is to install the development tools. I use the groupinstall method though it’ll install libraries and compilers that you may not need…. but it’s a quick method. I also install the EPEL repository, uml_utilities and the OpenSSL development libraries.

yum groupinstall "Development Tools"
yum install wget

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm

yum install uml_utilities openssl-devel

If you want to use the openvswitch module which comes with CentOS 6.4 and you only want to compile the tools to manage the openvswitch, let’s add an user ovswitch and switch to that user.

adduser ovswitch
cd /home/ovswitch
su ovswitch

Let’s download the files from OpenVswitch and build from the source.

mkdir -p rpmbuild/SOURCES
wget http://openvswitch.org/releases/openvswitch-1.9.0.tar.gz
tar xvfz openvswitch-1.9.0.tar.gz
cd openvswitch-1.9.0

./configure
make dist

cp openvswitch-1.9.0.tar.gz ../rpmbuild/SOURCES/

Now we are going to modify the openvswitch.spec so the openvswitch-kmod is not needed and you can install it later. Edit rhel/openvswitch.spec and remove openvswitch-kmod from the Requires lines. Finally let’s build the rpm file.

rpmbuild -bb rhel/openvswitch.spec // If building operation succeded just exit
exit

Using our root account we’ll install the daemons and the utilities. Thanks to Nicira, Inc for the start/stop daemons.

yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-1.9.0-1.x86_64.rpm

Check if openvswitch tools are ready, and if it works let’s start the service and configure to start at boot

ovs-vsctl -V

service openvswitch start
Starting ovsdb-server [ OK ]

Configuring Open vSwitch system IDs [ OK ]
Starting ovs-vswitchd [ OK ]

chkconfig openvswitch on

End of part one.

Ok. As far as I know If you still need the bridge compatibility: brcompat, you’ll need to compile the module…

Compilation will show errors about ‘redefinition of…’. As this link suggests I’ve created a patch that comments the lines that prevents compilation but I can’t guarantee that it has no secondary effects and this is the first time I create a patch for rpm (thanks to these links: link#1, link#2). I had recently an issue when creating a port mirror, I don’t know if it was a problem with my solution but I think I should mention it.

Please download the patch and the modified spec file from my google drive shared folder and follow these instructions:

1. Copy the openvswitch-1.9.0-el6.patch to the /home/ovswitch/rpmbuild/SOURCES/
2. Substitute the spec file with the one downloaded inside the /home/ovswitch/openvswitch-1.9.0/rhel/
3. Build the kernel module: rpmbuild -bb rhel/openvswitch-kmod-rhel6.spec

Now as the root user install the module (it will take time be patient):

yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/kmod-openvswitch-1.9.0-1.el6.x86_64.rpm

The new openvswitch module can’t be loaded if the bridge module is in use. If you don’t need the default bridge that is autostarted by the libvirtd daemon, remove the link that loads the bridge and the module. After that, restart the libvirtd daemon and check that the bridge module is not loaded. Warning: the default virbr0 bridge will dissapear.

rm /etc/libvirt/qemu/networks/autostart/default.xml
/etc/init.d/libvirtd restart

Now we want to prevent the original kernel module that comes with CentOS 6.4 to be loaded. Maybe there are better ways but I’ve chosen to make a backup of that module and substitute it with the new one.

cp /lib/modules/2.6.32-358.el6.x86_64/kernel/net/openvswitch/openvswitch.ko /root/
mv /lib/modules/2.6.32-358.el6.x86_64/weak-updates/openvswitch/openvswitch.ko /lib/modules/2.6.32-358.el6.x86_64/kernel/net/openvswitch/openvswitch.ko

Reboot the machine.

If you want to use the brcompat option:

1. Edit the /etc/sysconfig/openvswitch file and uncomment BRCOMPAT=yes
2. Start the openvswitch service: /etc/init.d/openvswitch start
3. Check that the brcompat module has been loaded. I tested OpenNebula 3.8.3 with OpenVswitch and it worked with brcompat.

lsmod | grep brcompat
brcompat 5905 0
openvswitch 96981 1 brcompat

Ok… it’s a long post and maybe you don’t need the brcompat module but who knows?

Please I wish that my posts are clear and error free, I appreciate your help and feedback. Tthank you Adrian and Roni for sharing your issues and Arthur for your comment.