OVS: Containerize components

 1. Start OVS components in containers so that building and shipping
    of OVS components is easy.
 2. Load OVS kernel modules on host from container to avoid installing ovs
    on host.
 3. Update documentation about how to build/run ovs in docker.

Acked-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: aginwala <aginwala@ebay.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>

Documentation/intro/install/general.rst

@@ -503,6 +503,55 @@ domain socket::
 
     $ ovs-vswitchd --pidfile --detach --log-file
 
+Starting OVS in container
+-------------------------
+
+For ovs vswitchd, we need to load ovs kernel modules on host.
+
+Hence, OVS containers kernel version needs to be same as that of host kernel.
+
+Export following variables in .env  and place it under
+project root::
+
+    $ OVS_BRANCH=<BRANCH>
+    $ OVS_VERSION=<VERSION>
+    $ DISTRO=<LINUX_DISTRO>
+    $ KERNEL_VERSION=<LINUX_KERNEL_VERSION>
+    $ GITHUB_SRC=<GITHUB_URL>
+    $ DOCKER_REPO=<REPO_TO_PUSH_IMAGE>
+
+To build ovs modules::
+
+    $ cd utilities/docker
+    $ make build
+
+Compiled Modules will be tagged with docker image
+
+To Push ovs modules::
+
+    $ make push
+
+OVS docker image will be pushed to specified docker repo.
+
+Start ovsdb-server using below command::
+
+    $ docker run -itd --net=host --name=ovsdb-server \
+      <docker_repo>:<tag> ovsdb-server
+
+Start ovs-vswitchd with priviledged mode as it needs to load kernel module in
+host using below command::
+
+    $ docker run -itd --net=host --name=ovs-vswitchd \
+      --volumes-from=ovsdb-server -v /lib:/lib --privileged \
+      <docker_repo>:<tag> ovs-vswitchd
+
+.. note::
+    The debian docker file uses ubuntu 16.04 as a base image for reference.
+
+    User can use any other base image for debian, e.g. u14.04, etc.
+
+    RHEL based docker build support needs to be added.
+
 Validating
 ----------
 
@@ -517,6 +566,10 @@ and ``vif1.0`` to it::
 Refer to ovs-vsctl(8) for more details. You may also wish to refer to
 :doc:`/topics/testing` for information on more generic testing of OVS.
 
+When using ovs in container, exec to container to run above commands::
+
+    $ docker exec -it <ovsdb-server/ovs-vswitchd> /bin/bash
+
 Upgrading
 ---------
 
@@ -586,6 +639,18 @@ needs some considerations:
    the userspace daemons are restarted immediately and the userspace flows are
    restored as soon as possible.
 
+5. When upgrading ovs running in container on host that is managed by ovn,
+   simply stop the docker container, remove and re-run with new docker image
+   that has newer ovs version.
+
+6. When running ovs in container, if ovs is used in bridged mode where
+   management interface is managed by ovs, docker restart will result in loss
+   of network connectivity. Hence, make sure to delete the bridge mapping of
+   physical interface from ovs, upgrade ovs via docker and then add back the
+   interface to ovs bridge. This mapping need not be deleted in case of multi
+   nics if management interface is not managed by ovs.
+
+
 The ovs-ctl utility's ``restart`` function only restarts the userspace daemons,
 makes sure that the 'ofport' values remain consistent across restarts, restores
 userspace flows using the ovs-ofctl utility and also uses the

utilities/automake.mk

@@ -58,7 +58,13 @@ EXTRA_DIST += \
 	utilities/ovs-test.in \
 	utilities/ovs-vlan-test.in \
 	utilities/ovs-vsctl-bashcomp.bash \
-	utilities/checkpatch.py
+	utilities/checkpatch.py \
+        utilities/docker/Makefile \
+        utilities/docker/ovs-override.conf \
+        utilities/docker/start-ovs \
+        utilities/docker/create_ovs_db.sh \
+        utilities/docker/debian/Dockerfile \
+        utilities/docker/debian/build-kernel-modules.sh
 MAN_ROOTS += \
 	utilities/ovs-appctl.8.in \
 	utilities/ovs-testcontroller.8.in \

utilities/docker/Makefile

@@ -0,0 +1,22 @@
+#export OVS_BRANCH=branch-2.11
+#export OVS_VERSION=2.11
+#export KERNEL_VERSION=4.15.0-54-generic
+#export DISTRO=debian
+#export GITHUB_SRC=https://github.com/openvswitch/ovs.git
+#export DOCKER_REPO=openvswitch/ovs
+
+# Example:
+#   make build
+#   make push
+
+REPO = ${DOCKER_REPO}
+tag = ${OVS_VERSION}_${KERNEL_VERSION}
+
+build: ;docker build -t ${REPO}:${tag} --build-arg DISTRO=${DISTRO} \
+--build-arg OVS_BRANCH=${OVS_BRANCH} \
+--build-arg KERNEL_VERSION=${KERNEL_VERSION} \
+--build-arg GITHUB_SRC=${GITHUB_SRC} -f ${DISTRO}/Dockerfile .
+
+.PHONY: build
+
+push: ;docker push ${REPO}:${tag}

utilities/docker/create_ovs_db.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ovsdb-tool create /etc/openvswitch/conf.db \
+/usr/share/openvswitch/vswitch.ovsschema

utilities/docker/debian/Dockerfile

@@ -0,0 +1,20 @@
+FROM ubuntu:16.04
+MAINTAINER "Aliasgar Ginwala" <aginwala@ebay.com>
+
+ARG OVS_BRANCH
+ARG KERNEL_VERSION
+ARG GITHUB_SRC
+ARG DISTRO
+
+copy $DISTRO/build-kernel-modules.sh /build-kernel-modules.sh
+RUN /build-kernel-modules.sh $KERNEL_VERSION $OVS_BRANCH $GITHUB_SRC
+
+COPY create_ovs_db.sh /etc/openvswitch/create_ovs_db.sh
+RUN /etc/openvswitch/create_ovs_db.sh
+
+COPY ovs-override.conf /etc/depmod.d/openvswitch.conf
+
+COPY start-ovs /bin/start-ovs
+VOLUME ["/var/log/openvswitch", "/var/lib/openvswitch",\
+ "/var/run/openvswitch", "/etc/openvswitch"]
+ENTRYPOINT ["start-ovs"]

utilities/docker/debian/build-kernel-modules.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+KERNEL_VERSION=$1
+OVS_BRANCH=$2
+GITHUB_SRC=$3
+
+# Install deps
+linux="linux-image-$KERNEL_VERSION linux-headers-$KERNEL_VERSION"
+build_deps="apt-utils libelf-dev build-essential libssl-dev python \
+python-six wget gdb autoconf libtool git automake bzip2 debhelper \
+dh-autoreconf openssl"
+
+apt-get update
+apt-get install -y ${linux} ${build_deps}
+
+# get the source
+mkdir /build; cd /build
+git clone --depth 1 -b $OVS_BRANCH $GITHUB_SRC
+cd ovs
+
+# build and install
+./boot.sh
+./configure --localstatedir="/var" --sysconfdir="/etc" --prefix="/usr" \
+--with-linux=/lib/modules/$KERNEL_VERSION/build --enable-ssl
+make -j8; make install; make modules_install
+
+# remove deps to make the container light weight.
+apt-get remove --purge -y ${build_deps}
+apt-get autoremove -y --purge
+cd ..; rm -rf ovs
+basic_utils="vim kmod net-tools uuid-runtime iproute2"
+apt-get install -y ${basic_utils}

utilities/docker/ovs-override.conf

@@ -0,0 +1,4 @@
+override openvswitch * extra
+override vport-geneve * extra
+override vport-stt * extra
+override vport-* * extra

utilities/docker/start-ovs

@@ -0,0 +1,42 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+case $1 in
+        "ovsdb-server") /usr/share/openvswitch/scripts/ovs-ctl start \
+                        --system-id=random --no-ovs-vswitchd
+                        /usr/share/openvswitch/scripts/ovs-ctl stop
+                        ovsdb-server --pidfile /etc/openvswitch/conf.db \
+                        -vconsole:emer -vsyslog:err -vfile:info \
+                        --remote=punix:/var/run/openvswitch/db.sock \
+                        --private-key=db:Open_vSwitch,SSL,private_key \
+                        --certificate=db:Open_vSwitch,SSL,certificate \
+                        --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
+                        --log-file=/var/log/openvswitch/ovsdb-server.log \
+                        --no-chdir
+        ;;
+        "ovs-vswitchd") depmod -a
+                        modprobe openvswitch
+                        modprobe vport_stt
+                        modprobe vport_geneve
+                        /usr/share/openvswitch/scripts/ovs-ctl \
+                        --no-ovsdb-server start
+                        /usr/share/openvswitch/scripts/ovs-ctl \
+                        --no-ovsdb-server force-reload-kmod
+                        /usr/share/openvswitch/scripts/ovs-ctl stop
+                        ovs-vswitchd --pidfile -vconsole:emer -vsyslog:err \
+                        -vfile:info --mlockall --no-chdir \
+                        --log-file=/var/log/openvswitch/ovs-vswitchd.log
+        ;;
+        *) echo "$0 [ovsdb-server|ovs-vswitchd]"
+esac