Installing and Configuring OpenvSwitch on Ubuntu 12.04 (Precise Pangolin)
Updates
- For installing OpenvSwitch on Ubuntu from package head to OpenvSwitch Configure from Packages and Attaching to a Floodlight OpenFlow Controller
- To install Open vSwitch from source head to Configuring VXLan and GRE tunnels on OpenvSwitch
Quick install how to for Installing and Configuring OpenvSwitch on Ubuntu 12.04 (Precise Pangolin) with the nightly OVS build. Before I start, I must point out the great progress the dev team has done in such a short time. All of the old gotchas in earlier releases on implementation are long gone. I am going to revisit the KVM integration in a few days as some of the inconsistencies for bringing up TAPs into hypervisors should be getting some consensus for provisioning.
The announcement of the inclusion of OpenvSwitch into the mainline Linux kernel, coupled with some KVM enhancements to provide VLAN tagging, LACP, QoS, sFlow etc, is making some of us excited ,and others very nervous.
@ubuntu-12:openvswitch-HEAD-f1936eb# uname -a
Linux ubuntu-12 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
#Ubuntu release
@ubuntu-12:openvswitch-HEAD-f1936eb# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu precise (development branch)
Release: 12.04
Codename: precise
For those familiar with the build you can just paste the following in your bash shell as root. To walk through the install skip the following snippet.
apt-get update apt-get install -y git python-simplejson python-qt4 python-twisted-conch automake autoconf gcc uml-utilities libtool build-essential git pkg-config linux-headers-uname -rgit clone git://openvswitch.org/openvswitch cd openvswitch ./boot.sh ./configure --with-linux=/lib/modules/uname -r/build make && make install insmod datapath/linux/openvswitch.ko insmod datapath/linux/brcompat.ko touch /usr/local/etc/ovs-vswitchd.conf mkdir -p /usr/local/etc/openvswitch ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema ovsdb-server /usr/local/etc/openvswitch/conf.db \ --remote=punix:/usr/local/var/run/openvswitch/db.sock \ --remote=db:Open_vSwitch,manager_options \ --private-key=db:SSL,private_key \ --certificate=db:SSL,certificate \ --bootstrap-ca-cert=db:SSL,ca_cert --pidfile --detach --log-file ovs-vsctl --no-wait init ovs-vswitchd --pidfile --detach ovs-vsctl show
System Preperation
Install dependencies:
apt-get update apt-get install python-simplejson python-qt4 python-twisted-conch automake autoconf gcc uml-utilities libtool build-essential git pkg-config
Download OVS VXLan from Kyle Mestery’s (Cisco) repo on github.
git clone https://github.com/mestery/ovs-vxlan.git #CD into the new directory you just downloaded. cd ovs-vxlan #Important here to switch to the 'vxlan' branch. Git will let you know when you switch. git checkout vxlan
Compiling Open vSwitch From Source
./boot.sh
./configure --with-linux=/lib/modules/uname -r/build
make
make install
#Load the OVS Kernel Module
insmod datapath/linux/openvswitch.ko
#If you are running a stripped version of Nix like an EC2 cloud image and get an error along the lines of this:
configure: error: source dir /lib/modules/3.2.0-23-virtual/build doesn't exist
#Pull down the headers for your kernel.
sudo apt-get install linux-headers-uname -r
Open vSwitch Configuration
touch /usr/local/etc/ovs-vswitchd.conf mkdir -p /usr/local/etc/openvswitch ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
Run the following commands, note some dashes are two ‘- -’ e.g. – -remote=db & – -private-key
Start ovsdb-server, this stores the config into a file that is persistent even after restarts.
ovsdb-server /usr/local/etc/openvswitch/conf.db \ --remote=punix:/usr/local/var/run/openvswitch/db.sock \ --remote=db:Open_vSwitch,manager_options \ --private-key=db:SSL,private_key \ --certificate=db:SSL,certificate \ --bootstrap-ca-cert=db:SSL,ca_cert --pidfile --detach --log-file
#Only need to run this the first time. ovs-vsctl --no-wait init #Start vswitch ovs-vswitchd --pidfile --detach #Verify the kernel module(s) in case you didn't earlier and get errors. #lsmod | grep br #brcompat 13512 0 #openvswitch 98196 1 brcompat
If they are not there try loading again and check your path to the kernel module.
insmod datapath/linux/openvswitch.ko
At this point you have a fucntioning vanilla OVS install. Output should look something like this.
ovs-vsctl show b6d574d7-5582-4cc0-93e5-a90cf0eb0a38 root@demo-139:/home/ubuntu/ovs-vxlan# ovs-vsctl --version ovs-vsctl (Open vSwitch) 1.8.90 Compiled Aug 19 2012 06:23:36
Configure Linux Networking
I have one NIC (eth1) on the same LAN segment/network/vlan.
We are attaching eth1 to br1 and applying an IP to the bridge interface.
We are attaching an IP to br2. br2 is the island that we are building a tunnel for hosts to connect on.
ovs-vsctl add-br br1 ovs-vsctl add-br br2 ovs-vsctl add-port br1 eth1 ifconfig eth1 0 ifconfig br1 192.168.1.11 netmask 255.255.255.0 route add default gw 192.168.1.1 br1 (br1 is now the default gateway NIC instead of eth1 since we moved eth1 inside of br1 (bridge interface br1) ifconfig br2 10.1.2.11 netmask 255.255.255.0 (no physical interface is bound here.)
If you have issues getting the bridge built you may need to kill the OVS processes and restart them depending on your step order.
Your Linux routing table should now look something like this:
root@openstack2:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br1 10.1.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br2 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br1
You can put the following into a text file and give it execute permissions with “chmod +x filename” and then run it “./filename”. If your network settings are right it should flip the IP to the bridge and not cut you off. Keyword “should” so have a way to get to the box if you cut yourself off.
ovs-vsctl add-br br1 ovs-vsctl add-br br2 ovs-vsctl add-port br1 eth1 ifconfig eth1 0 && ifconfig br1 192.168.1.(X) netmask 255.255.255.0 route add default gw 192.168.1.1 br1 ifconfig br2 10.1.2.11 netmask 255.255.255.0
If you want your networking to be persistent over restart you can adjust /etc/network/interfaces similar to the following template.
auto br0 iface br0 inet static address 192.168.1.x network 192.168.1.0 netmask 255.255.255.0 broadcast 192.168.1.255 gateway 192.168.1.1 #Add your physical interface to the bridge. bridge_ports eth0 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp off dns-nameservers 8.8.8.8
Below are some screenshots that may help.
After adding the new bridge group you should now be able to see the new br1 interface as a logical interface from ifconfig as shown below.
Thanks for stopping by.
Remove bridge-utils removes:
The following packages will be REMOVED:
bridge-utils libvirt-bin python-vm-builder qemu qemu-common qemu-kvm
ubuntu-vm-builder
And I am quite sure I need some of those packages for my VM’s. Namely the ubuntu-vm-builder.
Are you sure that removing bridge-utils and related packages won’t crash my virtual machines? Or not allow kvm to work correctly?
Hi Matt. I will test in a bit. That’s a good point. ‘rmmod bridge’ will pull the Linux bridging module to get you going. I will get back to you after work.
Hi,
I had a question. Why are we stopping the network-manager in this installation? Should we start the network-manager after the installation is done ?
I tend to just because it can get in the way with some things. If you install Ubuntu Server addition it wouldn’t be installed anywho. /etc/network/interfaces is the file the loads the config on a base intall. Not required but may get in the way.
Cyas.
I have one NIC (eth1) on the same LAN segment/network/vlan.
We are attaching eth1 to br1 and applying an IP to the bridge interface.
We are attaching an IP to br2. br2 is the island that we are building a tunnel for hosts to connect on.
Does the above mean that before adding bridges using ovs-vsctl you have one ethernet interface eth1 with ip 192.168.1.1? I have a similar situation.but after the operations you suggested I can ping host and other machines in the host network but not google. (maybe DNS is trashed.??) any thoughts?
stop and purge the network-manager could become a nightmare. In my case, i lost network access completely. it toke me hours to recover from the disaster.
Hi Brent,
I am running my ovsdb-server on the TCP port and not on the unix server domain socket as discussed above. The problem I am facing is , I am unable to launch any VM. It is giving error “Connection Refused”. Any input?
Thnx