Merge pull request #53032 from netixx/update-openvswitch-2.9.2

openvswitch: 2.5.4 -> 2.12.0
NixOS · Nov 24, 2019 · e315f34 · e315f34
2 parents 013b9a8 + 0f5366d
commit e315f34
Show file tree

Hide file tree

Showing 6 changed files with 386 additions and 27 deletions.
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -3601,6 +3601,12 @@
     github = "klntsky";
     githubId = 18447310;
   };
+  kmcopper = {
+    email = "kmcopper@danwin1210.me";
+    name = "Kyle Copperfield";
+    github = "kmcopper";
+    githubId = 57132115;
+  };
   kmeakin = {
     email = "karlwfmeakin@gmail.com";
     name = "Karl Meakin";

diff --git a/nixos/modules/virtualisation/openvswitch.nix b/nixos/modules/virtualisation/openvswitch.nix
@@ -42,6 +42,9 @@ in {
       default = false;
       description = ''
         Whether to start racoon service for openvswitch.
+        Supported only if openvswitch version is less than 2.6.0.
+        Use <literal>virtualisation.vswitch.package = pkgs.openvswitch-lts</literal>
+        for a version that supports ipsec over GRE.
       '';
     };
   };
@@ -89,6 +92,13 @@ in {
             "${cfg.package}/share/openvswitch/vswitch.ovsschema"
         fi
         chmod -R +w /var/db/openvswitch
+        if ${cfg.package}/bin/ovsdb-tool needs-conversion /var/db/openvswitch/conf.db | grep -q "yes"
+        then
+          echo "Performing database upgrade"
+          ${cfg.package}/bin/ovsdb-tool convert /var/db/openvswitch/conf.db
+        else
+          echo "Database already up to date"
+        fi
         '';
       serviceConfig = {
         ExecStart =
@@ -133,7 +143,7 @@ in {
     };
 
   }
-  (mkIf cfg.ipsec {
+  (mkIf (cfg.ipsec && (versionOlder cfg.package.version "2.6.0")) {
     services.racoon.enable = true;
     services.racoon.configPath = "${runDir}/ipsec/etc/racoon/racoon.conf";
 
@@ -172,5 +182,4 @@ in {
       '';
     };
   })]));
-
 }
diff --git a/pkgs/os-specific/linux/openvswitch/default.nix b/pkgs/os-specific/linux/openvswitch/default.nix
@@ -1,24 +1,25 @@
 { stdenv, fetchurl, makeWrapper, pkgconfig, utillinux, which
-, procps, libcap_ng, openssl, python27 , perl
+, procps, libcap_ng, openssl, python3 , perl
 , kernel ? null }:
 
 with stdenv.lib;
 
 let
   _kernel = kernel;
+  pythonEnv = python3.withPackages (ps: with ps; [ six ]);
 in stdenv.mkDerivation rec {
-  version = "2.5.4";
+  version = "2.12.0";
   pname = "openvswitch";
 
   src = fetchurl {
-    url = "http://openvswitch.org/releases/${pname}-${version}.tar.gz";
-    sha256 = "1lji87wg953lqcdf02f1zv2m54vhd2x9jd03bb91lnlb4qlhifiv";
+    url = "https://www.openvswitch.org/releases/${pname}-${version}.tar.gz";
+    sha256 = "1y78ix5inhhcvicbvyy2ij38am1215nr55vydhab3d4065q45z8k";
   };
 
   kernel = optional (_kernel != null) _kernel.dev;
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ makeWrapper utillinux openssl libcap_ng python27
+  buildInputs = [ makeWrapper utillinux openssl libcap_ng pythonEnv
                   perl procps which ];
 
   configureFlags = [
@@ -36,27 +37,13 @@ in stdenv.mkDerivation rec {
 
   postBuild = ''
     # fix tests
-    substituteInPlace xenserver/opt_xensource_libexec_interface-reconfigure --replace '/usr/bin/env python' '${python27.interpreter}'
-    substituteInPlace vtep/ovs-vtep --replace '/usr/bin/env python' '${python27.interpreter}'
+    substituteInPlace xenserver/opt_xensource_libexec_interface-reconfigure --replace '/usr/bin/env python' '${pythonEnv.interpreter}'
+    substituteInPlace vtep/ovs-vtep --replace '/usr/bin/env python' '${pythonEnv.interpreter}'
   '';
 
   enableParallelBuilding = true;
   doCheck = false; # bash-completion test fails with "compgen: command not found"
 
-  postInstall = ''
-    cp debian/ovs-monitor-ipsec $out/share/openvswitch/scripts
-    makeWrapper \
-      $out/share/openvswitch/scripts/ovs-monitor-ipsec \
-      $out/bin/ovs-monitor-ipsec \
-      --prefix PYTHONPATH : "$out/share/openvswitch/python"
-    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
-      --replace "UnixctlServer.create(None)" "UnixctlServer.create(os.environ['UNIXCTLPATH'])"
-    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
-      --replace "self.psk_file" "root_prefix + self.psk_file"
-    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
-      --replace "self.cert_dir" "root_prefix + self.cert_dir"
-  '';
-
   meta = with stdenv.lib; {
     platforms = platforms.linux;
     description = "A multilayer virtual switch";
@@ -71,7 +58,8 @@ in stdenv.mkDerivation rec {
       support distribution across multiple physical servers similar
       to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
       '';
-    homepage = http://openvswitch.org/;
+    homepage = https://www.openvswitch.org/;
     license = licenses.asl20;
+    maintainers = with maintainers; [ netixx kmcopper ];
   };
 }
diff --git a/pkgs/os-specific/linux/openvswitch/lts.nix b/pkgs/os-specific/linux/openvswitch/lts.nix
@@ -0,0 +1,82 @@
+{ stdenv, fetchurl, makeWrapper, pkgconfig, utillinux, which
+, procps, libcap_ng, openssl, python2, iproute , perl
+, automake, autoconf, libtool, kernel ? null }:
+
+with stdenv.lib;
+
+let
+  _kernel = kernel;
+in stdenv.mkDerivation rec {
+  version = "2.5.9";
+  pname = "openvswitch";
+
+  src = fetchurl {
+    url = "https://www.openvswitch.org/releases/${pname}-${version}.tar.gz";
+    sha256 = "0iv0ncwl6s4qyyb655yj5xvqrjr1zbymmab96q259wa09xnyw7b7";
+  };
+
+  patches = [ ./patches/lts-ssl.patch ];
+
+  kernel = optional (_kernel != null) _kernel.dev;
+
+  nativeBuildInputs = [ autoconf libtool automake pkgconfig  ];
+  buildInputs = [ makeWrapper utillinux openssl libcap_ng python2
+                  perl procps which ];
+
+  preConfigure = "./boot.sh";
+
+  configureFlags = [
+    "--localstatedir=/var"
+    "--sharedstatedir=/var"
+    "--sbindir=$(out)/bin"
+  ] ++ (optionals (_kernel != null) ["--with-linux"]);
+
+  # Leave /var out of this!
+  installFlags = [
+    "LOGDIR=$(TMPDIR)/dummy"
+    "RUNDIR=$(TMPDIR)/dummy"
+    "PKIDIR=$(TMPDIR)/dummy"
+  ];
+
+  postBuild = ''
+    # fix tests
+    substituteInPlace xenserver/opt_xensource_libexec_interface-reconfigure --replace '/usr/bin/env python' '${python2.interpreter}'
+    substituteInPlace vtep/ovs-vtep --replace '/usr/bin/env python' '${python2.interpreter}'
+  '';
+
+  enableParallelBuilding = true;
+  doCheck = false; # bash-completion test fails with "compgen: command not found"
+
+  postInstall = ''
+    cp debian/ovs-monitor-ipsec $out/share/openvswitch/scripts
+    makeWrapper \
+      $out/share/openvswitch/scripts/ovs-monitor-ipsec \
+      $out/bin/ovs-monitor-ipsec \
+      --prefix PYTHONPATH : "$out/share/openvswitch/python"
+    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
+      --replace "UnixctlServer.create(None)" "UnixctlServer.create(os.environ['UNIXCTLPATH'])"
+    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
+      --replace "self.psk_file" "root_prefix + self.psk_file"
+    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
+      --replace "self.cert_dir" "root_prefix + self.cert_dir"
+  '';
+
+  meta = with stdenv.lib; {
+    platforms = platforms.linux;
+    description = "A multilayer virtual switch";
+    longDescription =
+      ''
+      Open vSwitch is a production quality, multilayer virtual switch
+      licensed under the open source Apache 2.0 license. It is
+      designed to enable massive network automation through
+      programmatic extension, while still supporting standard
+      management interfaces and protocols (e.g. NetFlow, sFlow, SPAN,
+      RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to
+      support distribution across multiple physical servers similar
+      to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
+      '';
+    homepage = https://www.openvswitch.org/;
+    license = licenses.asl20;
+    maintainers = with maintainers; [ netixx kmcopper ];
+  };
+}