Well, summer is ending, but the summer brought us CentOS 7 and Openvswitch 2.3 Long-Term Support.
Openvswitch’s kernel module is already available in CentOS 7’s 3.10 kernel (also for CentOS 6) so this time I’m only preparing the rpm package to install the command-line tools (e.g. ovs-vsctl). I’ve found some issues with CentOS 7 and Openvswitch version 2.3.0, but maybe they will be solved in the future and the rpm generation will be as easy as always thanks to Nicira. In any case I’m offering you this post, maybe it can help you.
Let’s start. For the first part we’re creating a user and downloading openvswitch as we’ve done with previous Openvswitch releases.
[root@herge ~] yum -y install wget openssl-devel kernel-devel
[root@herge ~] yum groupinstall "Development Tools"
[root@herge ~] adduser ovswitch
[root@herge ~] su - ovswitch
[ovswitch@herge ~]$ wget
[ovswitch@herge ~]$ tar xfz openvswitch-2.3.0.tar.gz
[ovswitch@herge ~]$ mkdir -p ~/rpmbuild/SOURCES
Now we’re removing the openvswitch-kmod package dependency from the spec file offered by Nicira and creating a new spec file.
[ovswitch@herge ~]$ sed 's/openvswitch-kmod, //g' openvswitch-2.3.0/rhel/openvswitch.spec > openvswitch-2.3.0/rhel/openvswitch_no_kmod.spec
OK. Now we have two options. In the first one I create the package without tests… I don’t like it but if you can’t be patient…. Option 2 is the one I prefer, I’ll try to contact openvswitch developers so they can apply the change I suggest.
- Let’s create the openvswitch rpm package but we’re going to skip the tests. Be warned: I don’t know if the openvswitch package will work 100%, I haven’t tested it, but the rpm will be generated and you should be able to install it. That’s the end of this option, jump to the final section where we start the openvswitch service.
[ovswitch@herge ~]$ cp openvswitch-2.3.0.tar.gz ~/rpmbuild/SOURCES/
[ovswitch@herge ~]$ rpmbuild -bb --without check ~/openvswitch-2.3.0/rhel/openvswitch_no_kmod.spec
[ovswitch@herge ~]$ exit
[root@herge ~] yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.3.0-1.x86_64.rpm
- Let’s create the rpm package, but first we’re going to solve the tests issue. If you run rpmbuild -bb you may find errors about some tests failing. The tests fail because of an SSL issue: it seems that the ovs-pki tool generates certificates using MD5, which is considered an insecure algorithm, and the error SSL_connect error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm will be logged. We’re going to change a file so we can run the tests and install the package. If you’ve disabled SELinux jump to the final section; if not, continue reading.
[ovswitch@herge ~]$ rm openvswitch-2.3.0.tar.gz
[ovswitch@herge ~]$ mv openvswitch-2.3.0/utilities/ovs-pki.in openvswitch-2.3.0/utilities/ovs-pki.tmp
[ovswitch@herge ~]$ sed 's/md5/sha1/g' openvswitch-2.3.0/utilities/ovs-pki.tmp > openvswitch-2.3.0/utilities/ovs-pki.in
[ovswitch@herge ~]$ tar czvf ~/rpmbuild/SOURCES/openvswitch-2.3.0.tar.gz openvswitch-2.3.0/
[ovswitch@herge ~]$ rpmbuild -bb ~/openvswitch-2.3.0/rhel/openvswitch_no_kmod.spec
[ovswitch@herge ~]$ exit
[root@herge ~] yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.3.0-1.x86_64.rpm
I like SELinux so I try to keep it enabled and play with setroubleshoot and sealert to find a way to solve SELinux issues. If you try to start the service you’ll find some errors: install: cannot change owner and permissions of ‘/etc/openvswitch': No such file or directory and Creating empty database /etc/openvswitch/conf.db ovsdb-tool: I/O error: /etc/openvswitch/conf.db: failed to lock lockfile (No such file or directory). This is how I solved them:
[root@herge ~] mkdir /etc/openvswitch
[root@herge ~] semanage fcontext -a -t openvswitch_rw_t "/etc/openvswitch(/.*)?"
[root@herge ~] restorecon -Rv /etc/openvswitch
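The md5 to sha1 substitution in ovs-pki.in above gets the test suite past the "unknown message digest algorithm" error, but SHA-1 is itself deprecated for certificate signatures, so it is worth checking what digest the certificates you deploy actually carry. The following is an added example, not part of the original post or of Open vSwitch: the function names are hypothetical and the certificate text is constructed to mimic the layout of `openssl x509 -noout -text` output.

```shell
#!/bin/sh
# Added example: classify a certificate's signature digest from the text
# printed by `openssl x509 -noout -text`. All function names are hypothetical.

# Reads the certificate text on stdin, prints "<verdict> <algorithm>".
# Exit status: 0 = acceptable digest, 1 = weak digest, 2 = not recognised.
classify_sig_alg() {
    # The first "Signature Algorithm:" line names the digest the issuer used.
    alg=$(sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1)
    lower=$(printf '%s' "$alg" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        '')                 echo "unknown -";       return 2 ;;
        *md2*|*md4*|*md5*)  echo "rejected $alg";   return 1 ;;
        *sha1*)             echo "deprecated $alg"; return 1 ;;
        *sha224*|*sha256*|*sha384*|*sha512*)
                            echo "ok $alg";         return 0 ;;
        *)                  echo "unknown $alg";    return 2 ;;
    esac
}

# Audit a real PEM certificate file (requires the openssl command).
audit_cert_file() {
    openssl x509 -in "$1" -noout -text | classify_sig_alg
}

# Constructed sample: the shape of the openssl text output for a given
# algorithm name. Not taken from a real certificate.
sample_cert_text() {
    printf 'Certificate:\n    Data:\n        Version: 1 (0x0)\n'
    printf '    Signature Algorithm: %s\n' "$1"
    printf '        Issuer: CN=constructed test CA\n'
    printf '    Signature Algorithm: %s\n' "$1"
}

# Demo over the constructed samples: before the sed, after it, and a
# digest that current TLS stacks accept.
for alg in md5WithRSAEncryption sha1WithRSAEncryption sha256WithRSAEncryption; do
    sample_cert_text "$alg" | classify_sig_alg || :
done
```

To check a certificate on disk, call `audit_cert_file path/to/cert.pem` and treat a non-zero exit status as a reason to regenerate the PKI with a stronger digest.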
Final section! We’ve created the rpm package, so we’re going to start the openvswitch service using systemctl, the new way to start and stop services.
[root@herge ~]# systemctl start openvswitch.service
[root@herge ~]# systemctl -l status openvswitch.service
openvswitch.service - LSB: Open vSwitch switch
   Loaded: loaded (/etc/rc.d/init.d/openvswitch)
   Active: active (running) since jue 2014-09-04 20:07:02 CEST; 4s ago
  Process: 5419 ExecStop=/etc/rc.d/init.d/openvswitch stop (code=exited, status=0/SUCCESS)
  Process: 5474 ExecStart=/etc/rc.d/init.d/openvswitch start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/openvswitch.service
           ├─5496 ovsdb-server: monitoring pid 5497 (healthy)
           ├─5497 ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach --monitor
           ├─5506 ovs-vswitchd: monitoring pid 5507 (healthy)
           └─5507 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach --monitor
sep 04 20:07:02 herge.artemit.com.es systemd[1]: Starting LSB: Open vSwitch switch...
sep 04 20:07:02 herge.artemit.com.es openvswitch[5474]: Starting ovsdb-server [ OK ]
sep 04 20:07:02 herge.artemit.com.es ovs-vsctl[5498]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait -- init -- set Open_vSwitch . db-version=7.6.0
sep 04 20:07:02 herge.artemit.com.es ovs-vsctl[5503]: ovs|00001|vsctl|INFO|Called as ovs-vsctl --no-wait set Open_vSwitch . ovs-version=2.3.0 "external-ids:system-id=\"4f7759f2-19e9-4be0-8960-c19c124a4528\"" "system-type=\"unknown\"" "system-version=\"unknown\""
sep 04 20:07:02 herge.artemit.com.es openvswitch[5474]: Configuring Open vSwitch system IDs [ OK ]
sep 04 20:07:02 herge.artemit.com.es openvswitch[5474]: Starting ovs-vswitchd [ OK ]
sep 04 20:07:02 herge.artemit.com.es openvswitch[5474]: Enabling remote OVSDB managers [ OK ]
And, openvswitch 2.3.0 tools are ready in my CentOS 7 host. If you’ve doubts about using the kernel module and not compiling the openvswitch kernel mode please .
Thanks for reading!