The kubernetes recipes can inherit cni_networking and provide their
own PN-cni packages, so we no longer need to provide this by default.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When enabling 'dpdk' PACKAGECONFIG, the following error appears.
| configure: error: Could not find DPDK library in default search path
Fix the error by tweaking the configure option regarding dpdk.
Add pkgconfig to 'inherit' because pkgconfig is required at do_configure
when dpdk is enabled.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
recipes that use multiple SCMs in the SRC_URI, must supply
SRCREV_FORMAT or SRCPV triggers an expansion error. While
this isn't fatal during the build, it can cause issues with
setscene (and possibly) other tasks failing, which then
leads to no sstate re-use, etc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We drop a previously backported patch, and bump to version v2.15.1-30-gf8274b78c, which comprises the following commits:
f8274b78c datapath-windows:adjust Offset when processing packet in POP_VLAN action
a2f860aa2 cirrus: Reduce memory requirements for FreeBSD VMs.
7788f1579 netdev-linux: Fix a null pointer dereference in netdev_linux_notify_sock().
dd32deba6 pcap-file: Fix memory leak in ovs_pcap_open().
9f2f66c8e odp-util: Fix a null pointer dereference in odp_flow_format().
02b0c265c odp-util: Fix a null pointer dereference in odp_nsh_key_from_attr__().
031eff456 netdev-dpdk: Fix RSS configuration for virtio.
09cd9570d ipf: Fix only nat the first fragment in the reass process.
ef8ca3e19 dpif-netdev: Fix crash when PACKET_OUT is metered.
d3ff41d60 tc: Set action flags for tunnel_key release.
079a4de72 netlink-socket: Replace error with txn->error when logging nacked transactions.
f8cc5aa35 dynamic-string: Fix a crash in ds_clone().
64d1bba91 dpif-netdev: fix memory leak in dpcls subtable set command
90b219275 dpif-netdev: Do not flush PMD offloads on reload.
b29b04f85 dpif-netdev: Fix offloads of modified flows.
1d0b89ea7 dpif-netdev: Fix flow modification after failure.
8d84a4b16 netdev-offload-dpdk: Fix IPv6 rewrite cast-align warning.
f3f7849cb daemon-unix: Fix leak of a fork error message.
8aa0f0374 ovsdb-cs: Perform forced reconnects without a backoff.
ee4e034dc datapath-windows:Correct checksum for DNAT action
72132a940 bond: Fix broken rebalancing after link state changes.
aa84cfe25 dpif-netlink: Fix report_loss() message.
aec05f7cd ovsdb-server: Fix memleak when failing to read storage.
05bdf11fc conntrack: Init hash basis first at creation.
94e3b9d9c netdev-linux: Ignore TSO packets when TSO is not enabled for userspace.
842bfb899 conntrack: Handle already natted packets.
ab873c1af conntrack: Document all-zero IP SNAT behavior and add a test case.
86d6a9ee1 python: Fix Idl.run change_seqno update.
1ba0c8365 bridge: Use correct (legacy) role names in database.
7e5293ea5 Prepare for 2.15.2.
b855bbc32 Set release date for 2.15.1.
007a4f48f dpif-netdev: Apply subtable-lookup-prio-set on any datapath.
c93358a56 netlink: removed incorrect optimization
31626579f ovs-actions.xml: Add missing bracket.
30596ec27 netdev-offload-tc: Use nl_msg_put_flag for OVS_TUNNEL_KEY_ATTR_CSUM.
728980291 conntrack: Increment coverage counter for all bad checksum cases.
881d71ea2 datapath-windows: Specify external include paths
934668c29 Remove Python 2 leftovers.
aaa596705 ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag.
bc0aa785a ovsdb-idl: Fix the database update signaling if it has never been connected.
559426d2b ofproto: Fix potential NULL dereference in ofproto_ct_*_zone_timeout_policy().
f31070e27 ofproto: Fix potential NULL dereference in ofproto_get_datapath_cap().
8995d5311 dpif-netlink: Fix send of uninitialized memory in ct limit requests.
0c056891c ofproto-dpif: Fix use of uninitialized attributes of timeout policy.
121a67cad netdev-linux: Fix use of uninitialized LAG master name.
5f27ff1cf ofp_actions: Fix set_mpls_tc formatting.
e87adce83 dpif-netdev: Remove meter rate from the bucket size calculation.
a3ee3258e ovs-ofctl: Fix coredump when using "add-groups" command.
c5d2a6275 raft: Transfer leadership before creating snapshots.
553d52392 ovsdb-cs: Consider all tables when computing expected cond seqno.
8d0aebcc4 dpdk: Use DPDK 20.11.1 release.
21452722b github: Fix up malformed /etc/hosts.
90d1984b9 doc: automake: Add support for sphinx 4.0.
38a8bed70 cirrus: Look up existing versions of python dependencies.
255c38c74 ofp-group: Use big-enough buffer in ofputil_format_group().
f2c0744d2 ofproto/ofproto-dpif-sflow: Check sflow agent in case of race
ab157ef34 dpif: Fix use of uninitialized execute hash.
b1fded020 odp-util: Fix use of uninitialized erspan metadata.
f473ee568 dpif-netlink: Fix using uninitialized info.tc_modify_flow_deleted in out label.
2721606bd netdev-offload-tc: Probe for support for any of the ct_state flags.
091bc48d9 compat: Add ct_state flags definitions.
1307e90e3 Add test cases for ingress_policing parameters
d184c6ce6 netdev-linux: correct unit of burst parameter
cab998e50 ipsec: Fix IPv6 default route support for Libreswan.
b9ab7827e ovsdb-idl: Mark arc sources as updated when destination is deleted.
c82d2e3fb ovsdb-idl: Preserve references for deleted rows.
9a24ecbc2 ovsdb-idl.at: Make test outputs more predictable.
8d71feb1b ovs-ofctl: Fix segfault due to bad meter n_bands.
3a716b1d9 dpif-netdev: Refactor and fix the buckets calculation.
73ece9c87 dpif-netdev: Fix the meter buckets overflow.
d5dc16670 python: Send notifications after the transaction ends.
556e65e17 ovs-ctl: Allow recording hostname separately.
3982aee45 dpif-netdev: Fix crash when add dp flow without in_port field.
02096f1b3 Documentation: Fix DPDK qos example.
8f1dda316 raft: Report disconnected in cluster/status if candidate retries election.
79e9749da raft: Reintroduce jsonrpc inactivity probes.
2e84a4adb ovsdb-cs: Fix use-after-free for the request id.
d2c311dce connmgr: Check nullptr inside ofmonitor_report().
7307af690 ovsdb-client: Fix needs-conversion when SERVER is explicitly specified.
2a7a63571 windows, tests: Modify service test.
9b48549c6 netdev-linux: Fix indentation.
861a9f3b4 ofproto-dpif-upcall: Fix ukey leak on udpif destroy.
339044c3c ci: Use parallel build for distcheck.
38744b1bc ofp-actions: Fix use-after-free while decoding RAW_ENCAP.
33abe6c05 Prepare for 2.15.1.
8dc1733ea Set release date for 2.15.0.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has
a use-after-free in decode_NXAST_RAW_ENCAP (called from
ofpact_decode and ofpacts_decode) during the decoding of
a RAW_ENCAP action.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-36980
Patches from:
65c61b0c23
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becomming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to this is to use the ":" charater
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if other no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could
require a more explict syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The libseccomp package is only available if seccomp is in DISTRO_FEATURES.
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The cni plugins already have mod=vendor, but we also need to ensure
that the main CNI build is not using go module based builds.
To avoid inconsistent vendoring messages, we switch all plugins to
no module builds as well.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Update the cni plugins part of the recipe to the 0.9.1 release:
c4d4aa7 Remove Bryan Boreham as maintainer
af26bab host-local: support ip/prefix in env args and CNI args
f72aa98 [sbr]: Use different tableID for every ipCfg Check
tableID not in use for every ipCfg
40c225e Small typo improves in README.md
76ef07e Allow multiple routes to be added for the same prefix. Enables ECMP
d6bf1ea Update to lastest vendor/github.com/vishvananda/netlink
bdaaa20 tuning: always update MAC in CNI result
33a2929 vendor: bump to libcni v1.0-rc1
820fee9 tuning: Add support of altering the allmulticast flag
f34c600 [sbr]: Use different tableID for every ipCfg Move default table routes which match the ipCfg config
8f32968 Fix nil-pointer check
028fc2f host-local: support custom IPs allocation through runtime configuration
7da1c84 pkg/ip: introduce a new type `IP` to support formated <ip>[/<prefix>]
2eac102 go.mod: github.com/j-keck/arping v1.0.1
f4d2925 go.mod: github.com/buger/jsonparser v1.1.1
c3d0153 go.mod: github.com/alexflint/go-filemutex v1.1.0
75b64e0 go.mod github.com/Microsoft/hcsshim v0.8.16
bc85637 go.mod: godbus/dbus/v5 v5.0.3, coreos/go-systemd v22.2.0
d2d89dd go.mod: github.com/mattn/go-shellwords v1.0.11
59a6259 go.mod: github.com/sirupsen/logrus v1.8.1
3cc1135 CI: Install linux-modules-extra for VRF module
5b02c2a Fix broken links to online docs in plugin READMEs
f275746 gha: update actions/setup-go@v2
b811967 remove redundant startRange in RangeIter due to overlap check on multi ranges
178d7c0 fix(win-bridge): panic while calling HNS api
e09a17f portmap: use slashes in sysctl template to support interface names which separated by dots
9b09f16 pkg/ipam: use slash as sysctl separator so interface name can have dot
e31cd2c [macvlan] Stop setting proxy-arp on macvlan interface
8e540bf tuning: increase test coverage to 1.0.0 and older spec versions
d2e5b5d portmap: increase test coverage to 1.0.0 and older spec versions
8f7fe6d flannel: increase test coverage to 1.0.0 and older spec versions
f33eedb firewall: increase test coverage to 1.0.0 and older spec versions
da52be3 bandwidth: increase test coverage to 1.0.0 and older spec versions
02cdaaf host-local: increase test coverage to 1.0.0 and older spec versions
f534133 static: increase test coverage to 1.0.0 and older spec versions
932653f dhcp: increase test coverage to 1.0.0 and older spec versions
dd3f606 dhcp: add -resendmax option to limit lease acquisition time for testcases
4ddc8ba vlan: increase test coverage to 1.0.0 and older spec versions
f56545c ptp: increase test coverage to 1.0.0 and older spec versions
bbf7189 macvlan: increase test coverage to 1.0.0 and older spec versions
5eae558 loopback: increase test coverage to 1.0.0 and older spec versions
5096b53 ipvlan: increase test coverage to 1.0.0 and older spec versions
34cee8c host-device: increase test coverage to 1.0.0 and older spec versions
c3c286c bridge: increase test coverage to 1.0.0 and older spec versions
c8f341d bridge: simplify version-based testcase code
8c25db8 testutils: add test utilities for spec version features
7d8c767 plugins: update to spec version 1.0.0
9e2430b vendor: bump CNI to 1.0.0-pre @ 62e54113
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
In the time between the k3s work starting and ending, meta-networking
picked up the support we need for ipset.
Now that the recipe is in a layer we already depend on, we don't need
our own copy.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
commit 1b83c21436 [openvswitch: Fix build with musl libc] mistakenly
copies common files and then clobbers the SRC_URI.
While we could drop the SRC_URI components from the .inc now that we
only have one active version in master (_git), we avoid that for now,
since it is possible that a LTS version will be introduced in future
cycles.
So to fix the oddity, we drop the common components from the _git
SRC_URI and append versus clobber.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Many of the CNI plugins require authenticated connections, as such
they are looking for elements of ca-certificates.
CNI isn't small, so we add this as a general rdepends. If we need to
slim things down in the future, we can split the CNI into specific
implementations and add the dependency to those packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
- OVSDB:
* Changed format in which ovsdb transactions are stored in database files.
Now each transaction contains diff of data instead of the whole new
value of a column.
New ovsdb-server process will be able to read old database format, but
old processes will *fail* to read database created by the new one.
For cluster and active-backup service models follow upgrade instructions
in 'Upgrading from version 2.14 and earlier to 2.15 and later' section
of ovsdb(7).
* New unixctl command 'ovsdb-server/get-db-storage-status' to show the
status of the storage that's backing a database.
* New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'.
If turned on, ovsdb-server will try to reclaim all the unused memory
after every DB compaction back to OS. Disabled by default.
* Maximum backlog on RAFT connections limited to 500 messages or 4GB.
Once threshold reached, connection is dropped (and re-established).
Use the 'cluster/set-backlog-threshold' command to change limits.
- DPDK:
* Removed support for vhost-user dequeue zero-copy.
* Add support for DPDK 20.11.
- Userspace datapath:
* Add the 'pmd' option to "ovs-appctl dpctl/dump-flows", which
restricts a flow dump to a single PMD thread if set.
* New 'options:dpdk-vf-mac' field for DPDK interface of VF ports,
that allows configuring the MAC address of a VF representor.
* Add generic IP protocol support to conntrack. With this change, all
none UDP, TCP, and ICMP traffic will be treated as general L3
traffic, i.e. using 3 tupples.
* Add parameters 'pmd-auto-lb-load-threshold' and
'pmd-auto-lb-improvement-threshold' to configure PMD auto load balance
behaviour.
- The environment variable OVS_UNBOUND_CONF, if set, is now used
as the DNS resolver's (unbound) configuration file.
- Linux datapath:
* Support for kernel versions up to 5.8.x.
- Terminology:
* The terms "master" and "slave" have been replaced by "primary" and
"secondary", respectively, for OpenFlow connection roles.
* The term "slave" has been replaced by "member", for bonds, LACP, and
OpenFlow bundle actions.
- Support for GitHub Actions based continuous integration builds has been
added.
- Bareudp Tunnel
* Bareudp device support is present in linux kernel from version 5.7
* Kernel bareudp device is not backported to ovs tree.
* Userspace datapath support is not added
- ovs-dpctl and 'ovs-appctl dpctl/':
* New commands '{add,mod,del}-flows' where added, which allow adding,
deleting, or modifying flows based on information read from a file.
- IPsec:
* Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without
tearing down IPsec tunnels.
* Add option '--no-restart-ike-daemon' to allow ovs-monitor-ipsec to start
without restarting ipsec daemon.
- Building the Linux kernel module from the OVS source tree is deprecated
* Support for the Linux kernel is capped at version 5.8
* Only bug fixes for the Linux OOT kernel module will be accepted.
* The Linux kernel module will be fully removed from the OVS source tree
in OVS branch 2.18
fix some do_patch error about local patch.
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
CVE entries are using version 2.xx.xx, our PV is 2.13+xxx, this causes
problem for CVE detection. So we need to set a CVE_VERSION for better
CVE scanning.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The following CNI commits are part of this update:
e32b586 remove build badges from homepage
296290a Switch from Travis to GH Actions
a199e6a go fmt
ada6726 tighten up plugin-finding logic
eec3755 Add "alias" to conventions
867451c Fix typo in pkg/types/internal/convert.go
679ed9d Fix typo in CONVENTIONS.md
6d8228e maintainers: fix typo
e781c94 types: remove SupportedVersions
7555ca3 spec: bump to 1.0.0-pre-release and remove 'version' from Result addresses
6823eba tests: small cleanup and removal of one useless testcase
3805b13 types: add 1.0.0
0050bfa types: implement convert module and make types use it
90311ea Bump release build Go version to 1.14
f9b5c9b Add security reporting info
e5c65a5 Revert formatting of error codes
65bf688 Travis: bump go versions
a7cceb9 add go.mod
93a7425 testhelpers: clean up how we build against old libcni targets
c78d465 Replace 2019 conference announcement with links to the recordings
fc1de42 Sync contact methods in README and CONTRIBUTING
c815aca Update the SPEC, CODE-OF-CONDUCT, CONTRIBUTING, RELEASING with minor formatting changes and linting updates.
17a6379 Update README.md
956c943 adding OVN4NFV-K8s-Plugin as 3rd party plugin
e2a7366 Retry exec commands on text file busy
76b18ea Typo fixes for infiniband GUID
44dabed invoke: capture and return stderr if plugin exits unexpectedly
279bc6c Add DeviceID attribute to RuntimeConfig
fdcc7b1 test: allow specific package testing with PKGS=<x> ./test.sh
ca0082f Add Infiniband GUID to well known Capabilities
38353fa Remove extra ',' chars which makes conflist examples invalid.
134f603 maintainers: remove Stefan per personal request
1435c6b Add Michael Cambria as a CNI maintainer
6b46a03 Update link freenode.org to freenode.net
075e303 Update roadmap for 1.0 plans
0b1c649 Change language identifier to jsonc for json with comments
704c56d Update tests
f208f19 Remove Result.String
cc6e8af pkg/utils: utility package should use black-box testing
025e32f pkg/utils: add utils_test
6f29b01 intercept netplugin std error
777584f Add Kube-OVN to CNI list
e00fa53 appending antrea to the cni list
7815be7 Add Project Antrea in CNI list
f2fa4a3 Add table of contents
b36de6e DOCUMENTATION: Address incomplete instructions in CONTRIBUTING.md
c35ac21 Adding Cisco ACI to CNI plugin list
3eb88ac Add Bruce Ma and Piotr Skarmuk as maintainers
6c6a315 Update README to sunset slack and call out kubecon presentations
b89eff5 Add a note to README about where to find the binaries
4eec648 When the CNI version isn't supplied in config, use default.
eefc069 SPEC: update validation rules for interface name in docs and address some comments
b5188cf spec: fix some typo in docs
c94fcd7 Perfect annotation: Correct word spelling mistakes
7be1ac9 add interface name validation to libcni and skel
9f4a623 utils: add validation function for interface name
2a82881 Bump golang
c0f784d Update cnitool docs
94399d5 add err handling in plugins/test/noop/
d8dfb56 validate containerID and networkName ensure they contain only letters and numbers
e4a11ba libcni: cache file operations require full uniqueness tuple in RuntimeConf
a83f3cb libcni: also cache IfName, network name, and container ID
894863c libcni: fix cache file 'result' key name
f3654f3 skel: remove needless functions and types
3e79703 modify some well-known errors
1318d7c libcni: find plugin in exec
9af40ed libcni: add config caching
722a488 docs: add ips and mac to well-known capabilities and fix some typo
227c438 SPEC: add some well-known error codes
ba034ef testcases: make testcase use suitable error code
4b29940 skel: clean up typed Errors in skel
50192c0 types : add NewError method
0af0477 readme: add Alibaba Cloud CNI plugin 'Terway' to the list
b92d83c bump linux to Bionic 18.04 in Travis and Vagrant
a48337a add missing commas, fix syntax error
5077b14 Add stringifyArgs and parseArgs functions to utils.go
80ad241 libcni: add InitCNIConfigWithCacheDir() and deprecate RuntimeConfig.CacheDir
5dbeae8 clean up : remove useless variable
a03dc28 clean up : fix staticcheck warnings
cbca752 Docs: Small typo fixes in main README.md
As well as the following plugin commits:
fa48f75 ipam/dhcp: Add broadcast flag
74a6b28 vendor: bump libcni
8feef71 add flannel to support dual stack ip
343d233 bandwidth: fix panic in tests
d41acb8 host-device: Add support for DPDK device (#490)
075c5a0 [main/vlan] Fix error handling for delegate IPAM plugin
a8d1f5c dhcp: default dhcp clien timeout is 10s
354def7 vlan: fix error message text by removing ptp references
25fc741 dhcp: daemon dhcp client timeout is configurable
3161bb5 dhcp: timeout value is set in DHCP daemon
ebce6d0 remove unused function
691238c deps: go mod tidy coreos/go-iptables
23a1d90 deps: bump coreos/go-iptables
e13bab9 tuning: revert values on delete (#540)
680c6dd go mod tidy
be19d78 bump to go 1.15
8d52c42 Add ability to trigger retests via comments
3ae85c1 pkg/ns: fix test case to tolerate pids going away.
25704f9 Add github build & test actions
eb31403 bridge: fix testcase to check addresses we care about
336ba52 Remove travis.
b47d178 vendor: bump ginkgo, gover
108c2ae portmap plugin should flush previous udp connections
cccf539 Updating plugin README.md files (#549)
c41c78b update netlink dependencies
50a3aa6 Xdhcp: fix example configuration
98c621a VRF: extend supported version to 0.3.1 too.
b34402a VRF CNI: Add an optional table parameter.
5fc309a Add more tests for the vrf cni plugin.
362f5d6 Update github.com/vishvananda/netlink to v1.1.0
8d0d8a9 Introduce a new VRF CNI meta plugin.
1a7f1bd Travis: run tests on arm64
8a6e96b Replace nc with the local echo client.
3227902 Add an echo client to be used instead of nc.
59baaa1 Bump up the ubuntu version used in CI to bionic.
9ce99d3 flannel: allow input ipam parameters as basis for delegate
08ff3b6 ipvlan: make master config as optional
1ea19f9 Remove extraneous test file in Windows plugin
799d3cb Fix race condition in GetCurrentNS
839d918 lo: CNI_IFNAME is no longer ignored
c50490e cni: bump to 0.8.0
01a8de9 Bump Go version to 1.13 and 1.14
2b6cd54 Add contact info
0214625 Update firewall README.md CNI-ADMIN
813f541 firewall: fix some typos in docs
051452c Update firewall README.md
877602d portmap DEL noop if no portMappings present
2bd04cb firewall: fix generate of admin chain comment
d4775ec Fix handling of delay in acquiring lease with stp turned on
68a80bc Update README.md
5cb3a5e portmap: don't use unspecified address as destination
b9560fd macvlan: set mac address from CNI_ARGS
79192cb host-device: Bring interfaces down before moving.
219eb9e ptp, bridge: disable accept_ra on the host-side interface
02bfece plugins/meta/sbr: Adjusted ipv6 address mask to /128
5e0fbd8 portmap: Apply the DNAT hairpin to the whole subnet
a78853f Support device id in host device plugin (#471)
2d2583e win-bridge: add support for portMappings capability
30776ff check bridge's port state
2a48d68 Reset the route flag before moving the rule
486ef96 [DO NOT REVIEW] vendor upate to remove useless dependencies
8a0e3fe build error utility package to replace juju/errors
112288e Unlock OS thread after netns is restored
c7e2cf7 owners: updates for maintainer changes
53854dd flannel: remove net conf file after DEL succeed
a9b4e04 Make host-device to work with virtio net device
45fd949 ptp: remove some redundant lines
2ff84a4 pkg/ip: use type cast instead of untrusty error message
37207f0 pkg/utils: sysctl package should use black-box testing
d1360b8 loopback: Fix ipv6 address checks
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
While testing the cni uprev by building in a container with
network=none the following error was found:
go: github.com/Microsoft/go-winio@v0.4.11: Get
https://proxy.golang.org/github.com/%21microsoft/go-winio/@v/v0.4.11.mod:
dial tcp: lookup proxy.golang.org on 128.224.144.130:53:
dial udp 128.224.144.130:53: connect: network is unreachable
After some digging through the go documentation it was found that the
'-mod=vendor' is required for 'go build' to use shipped vendor modules
when building modules. This can be confirmed by look at the
'build_linux.sh' script which is found in the plugins repo.
By using '-mod=vendor' and also ensuring things are properly placed in
the GOPATH (ie $B) we can avoid having to create many of the links we
had been previously.
We also put all the build artifacts into $B to avoid mixing source and
build.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Both uprev's are listed as 'minor' in the upstream release
notes. Neither introduces an uprev in spec. This fixes issues we
observed while testing the forthcoming cri-o uprev.
NOTE: this commit should only be used with the follow-on commit [cni:
prevent go from downloading stuff in the background] otherwise you
will end up with files not owned by you which will prevent the recipe
being properly cleaned.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Another straightforward uprev with one fairly large change in the
changelog. The Open Virtual Network component has now been moved to
its own repo (https://github.com/ovn-org/ovn.git). If you were using
this functionality a new recipe will need to be created.
The ptest results are similar to after the v2.12 uprev
ERROR: 2206 tests were run,
28 failed unexpectedly.
62 tests were skipped.
The failed tests were in the following areas:
checkpatch.at (5)
ovs-ofctl.at (1)
tunnel.at(1)
tunnel-push-pop.at(3)
tunnel-push-pop-ipv6.at(3)
dpif-netdev.at (1)
pmd.at(1)
ofproto-dpif.at (7)
bridge.at (2)
ovsdb-idl.at(1)
mcast-snooping.at(1)
packet-type-aware.at(2)
None of these affect core functionality or usecases and are similar to
the results we see with v1.12. If specific usecases are affected by
these failures we should address them on a need to fix basis.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
A mostly straightforward uprev. Unfortunately a required patch for
python3 is only available on a non-release branch so we must carry it
in order to build (the discussion on the mailing list was that an
uprev might have avoided this, but this is not the case).
The ptest results are similar to after the v2.11 uprev
ERROR: 2413 tests were run,
23 failed unexpectedly.
383 tests were skipped.
NOTE, however, that they have now marked many tests as 'skipped', such
as the python2 results, so the failed and skipped numbers have
essentially swapped with each other. The failed tests were in the
following areas:
checkpatch.at (5)
ovs-ofctl.at (1)
dpif-netdev.at (1)
ofproto-dpif.at (6)
bridge.at (2)
ovn.at (2)
ovn-controller-vtep.at (6)
Most were issues with the test or expectations that source code would
be available. There might be an issue around packaging of
"/vswitchd/vswitch.ovsschema" but we should be able to overlook this
for now, as we have with previous versions.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Use a standard location to store the cni tools and plugins. This
is more in line how other distributions package cni. Keep a symlink
to /opt/cni/bin for backward compatibility.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
slirp4netns allows connecting a network namespace to the Internet
in a completely unprivileged way, by connecting a TAP device in a
network namespace to the usermode TCP/IP stack ("slirp")."
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The build has broken again on master, even for non-static builds of
netns. The simplest fix is to extend our existing patch to cover this
case as well.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
openembedded-core commit fb064356af61 [Remove LSB support] dropped the
'lsb' recipe which caused openvswitch to throw a dependency fail for
both sysvinit and systemd builds. LSB init functions for
log_begin_msg, log_end_msg and others were being used. We now use the
functions from ovs-lib which are part of OVS and supply the remaining
ones directly. This allows us to regain the functionality and drop the
dependency on 'lsb'.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Install ovs-systemd-reload as openvswitch.service uses it.
openvswitch.service:ExecReload=/usr/share/openvswitch/scripts/ovs-systemd-reload
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Also build plugins under ipam. Other distros default to contain
these plugins.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When setting up k8s, the following error appeared, failing
to setup coredns pod.
NetworkPlugin cni failed to set up pod "coredns-5f7fc64c95-4nnfq_kube-system" network: fork/exec /opt/cni/bin/loopback: no such file or directory
This is because the binary, /opt/cni/bin/loopback, has wrong interpreter.
So fix do_compile to use ${GO} instead of go to fix this problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
These settings are either in go.bbclass or duplicate, thus
removing them.
Keep only CGO_ENABLED and GOPATH to easier manipulation while
upgrading cni.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When the go-lang container recipes were first created there were issues
with strip and the resulting binaries. As such, strip was inhibited for
the various packages.
This variable is now set in the default classes, and tests show that
strip works on the binaries (saving up to 2M on disk for some binaries)
with no runtime issues found.
So we drop our explicit set of the inhibit and let the build proceed
by the defaults.
If issues are found, we can re-enable the setting or bbappends can
turn it back on for builds showing issues.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Drop obsolete patches and forward-port the remaining required patch. We
also need to fix up permissions after the build so that we can clean the
build directory without errors if needed.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Attempting to build for x86-64 will result in an error:
cannot find package runtime/cgo (using -importcfg)
...go/pkg/tool/linux_amd64/link: cannot open file : open : no such file or directory
As a workaround we switch the build target to 'build' which results in
a slightly smaller executable but does mean that several dynamic
libraries are required to run the generated executable. This shouldn't
be a problem as the build system will ensure the libraries are present
on images where the executable will be included. This change only
means the executable can't be copied as a single entity to a different
machine and run.
We do also patch the Makefile to allow the 'static' target to build
successfully and in the patch commit log we describe the issue in full
(at least in as much detail as we currently have on the issue). But
since the issue isn't fully understood we don't recommend the 'static'
build to be used at this time, thus default to the 'build' target.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The v2.11 version fixed a bug as follow.
Error info:
ovs|00002|db_ctl_base|ERR|external-ids:hostname=: argument does not
end in "=" followed by a value.
The result of ptest between v2.11 and v2.10.1 is similar.
v2.11:
ERROR: 2765 tests were run,
317 failed (1 expected failure).
85 tests were skipped.
v2.10.1:
ERROR: 2662 tests were run,
311 failed (1 expected failure).
85 tests were skipped.
I checked the detailed result. The failed tests were mostly related
to python2 as the image only use python3.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This change reduces the length of ${PV} for several recipes and gives us
auto-incrementing version numbers.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If we don't explicitly set the GO variable as an argument to make then
the native go toolchain is invoked instead of the cross-toolchain we
actually want. This can result in a netns binary which is built for the
wrong architecture.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Updating the cni plugins to match k8s and cri-o. We also filter out
the windows plugins, since they use a different build infrastructure
than the other variants .. and are not currently needed. This can
be revisted in the future as needed.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Openvswitch recipe depends on the kernel source, which is machine specific.
It can then use this machine specific resource to configure and build the
recipe. This mix causes the hash values of this package to change based on
the machine, so this package must also be a machine_arch package.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The openssl library is an optional component for the openvswitch. The
problem with it enabled by default is that it will consume system
entropy to try to initialize the openssl library even though we are not
using it by default. With the 4.16 kernel and up there is not always
enough entropy available at the early boot time which can cause a
lengthy stall, while waiting to initialize the openvswitch.
If ssl is needed, it can of course be turned on with the package
config option "ssl".
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Since `229f4e9 package.bbclass: add support for
pkg_postinst_ontarget()' applied in oe-core, use
pkg_postinst_ontarget to run postinst at first boot.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The service currently fails to run since the runtime directories
aren't being created. Create the runtime directories and fixup the
path to echo to get things working again.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The current version (v2.9.3) started to fail to build due to changes
in openssl. Upstream must have run into similar issues as this was
identified and addressed in v2.10.0 by including a copy of
'dhparams.c' instead of relying on it being generated. (see commit
"dhparams: Add pregenerated .c file to the repository.")
Additionally v2.10.0 is better aligned for our kernel and dpdk
versions:
kernel
===
2.10.x 3.10 to 4.17
dpdk
===
2.10.x 17.11.3
The changes in this commit allow for the building of v2.10.0. A second
commit will be necessary to deal with a few runtime changes which
prevent ovsdb-server from starting correctly.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Updating the latest plugins.
We have to make some minor build adjustments, but otherwise, this is
a simple update.
We also drop the ptest build, since it is not used and is causing
build errors.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
commit 1fd1ff3720 [openvswitch: uprev to v2.9.2] left a bunch of
unused patches in place. Remove unreferenced patches as they are no
longer needed.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
