add openvswitch package + basic nixos module to enable it

2014-06-12 15:16:38 +02:00 · 2014-06-12 15:16:38 +02:00 · 8ef11bb0ee
parent 9deb7f8aae
commit 8ef11bb0ee
5 changed files with 180 additions and 3 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -365,6 +365,7 @@
  ./virtualisation/docker.nix
  ./virtualisation/libvirtd.nix
  #./virtualisation/nova.nix
+  ./virtualisation/openvswitch.nix
  ./virtualisation/virtualbox-guest.nix
  #./virtualisation/xen-dom0.nix
 ]
--- a/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixos/modules/virtualisation/libvirtd.nix
@ -7,6 +7,7 @@ with lib;
 let

  cfg = config.virtualisation.libvirtd;
+  vswitch = config.virtualisation.vswitch;
  configFile = pkgs.writeText "libvirtd.conf" ''
    unix_sock_group = "libvirtd"
    unix_sock_rw_perms = "0770"
@ -75,10 +76,14 @@ in
        wantedBy = [ "multi-user.target" ];
        after = [ "systemd-udev-settle.service" ];

-        path =
-          [ pkgs.bridge_utils pkgs.dmidecode pkgs.dnsmasq
+        path = [ 
+            pkgs.bridge_utils 
+            pkgs.dmidecode 
+            pkgs.dnsmasq
            pkgs.ebtables
-          ] ++ optional cfg.enableKVM pkgs.qemu_kvm;
+          ] 
+          ++ optional cfg.enableKVM pkgs.qemu_kvm
+          ++ optional vswitch.enable vswitch.package;

        preStart =
          ''
--- a/nixos/modules/virtualisation/openvswitch.nix
+++ b/nixos/modules/virtualisation/openvswitch.nix
@ -0,0 +1,120 @@
+# Systemd services for openvswitch
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+    cfg = config.virtualisation.vswitch;
+
+in
+
+{
+    # ------------------------------------------------------------
+
+    options = {
+
+        virtualisation.vswitch.enable = mkOption {
+            type = types.bool;
+            default = false;
+            description =
+                ''
+                Enable Open vSwitch. A configuration 
+                daemon (ovs-server) will be started.
+                '';
+        };
+
+
+        virtualisation.vswitch.package = mkOption {
+            type = types.package;
+            default = pkgs.openvswitch;
+            description =
+                ''
+                Open vSwitch package to use.
+                '';
+        };
+
+    };
+
+    # ------------------------------------------------------------
+
+    config = mkIf cfg.enable (let 
+
+        # Where the communication sockets live
+        runDir = "/var/run/openvswitch";
+
+        # Where the config database live (can't be in nix-store)
+        stateDir = "/var/db/openvswitch";
+
+        # The path to the an initialized version of the database 
+        db = pkgs.stdenv.mkDerivation {
+            name = "vswitch.db";
+            unpackPhase = "true";
+            buildPhase = "true";
+            buildInputs = with pkgs; [
+                cfg.package
+            ];
+            installPhase = 
+                ''
+                ensureDir $out/
+                '';
+        };
+
+    in {
+
+        environment.systemPackages = [ cfg.package ]; 
+
+        boot.kernelModules = [ "tun" "openvswitch" ];
+
+        boot.extraModulePackages = [ cfg.package ];
+
+        systemd.services.ovsdb = {
+            description = "Open_vSwitch Database Server";
+            wantedBy = [ "multi-user.target" ];
+            after = [ "systemd-udev-settle.service" ];
+            wants = [ "vswitchd.service" ];
+            path = [ cfg.package ];
+            restartTriggers = [ db cfg.package ];
+            # Create the config database
+            preStart = 
+                ''
+                mkdir -p ${runDir}
+                mkdir -p /var/db/openvswitch
+                chmod +w /var/db/openvswitch
+                if [[ ! -e /var/db/openvswitch/conf.db ]]; then
+                    ${cfg.package}/bin/ovsdb-tool create \
+                        "/var/db/openvswitch/conf.db" \
+                        "${cfg.package}/share/openvswitch/vswitch.ovsschema"
+                fi
+                chmod -R +w /var/db/openvswitch
+                '';
+            serviceConfig.ExecStart = 
+                ''
+                ${cfg.package}/bin/ovsdb-server \
+                    --remote=punix:${runDir}/db.sock \
+                    --private-key=db:Open_vSwitch,SSL,private_key \
+                    --certificate=db:Open_vSwitch,SSL,certificate \
+                    --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert \
+                    --unixctl=ovsdb.ctl.sock \
+                    /var/db/openvswitch/conf.db
+                '';                
+            serviceConfig.Restart = "always";
+            serviceConfig.RestartSec = 3;
+            postStart =
+                ''
+                ${cfg.package}/bin/ovs-vsctl --timeout 3 --retry --no-wait init
+                '';
+
+        };
+
+        systemd.services.vswitchd = {
+            description = "Open_vSwitch Daemon";
+            bindsTo = [ "ovsdb.service" ];
+            after = [ "ovsdb.service" ];
+            path = [ cfg.package ];
+            serviceConfig.ExecStart = ''${cfg.package}/bin/ovs-vswitchd'';
+        };
+
+    });
+
+}
--- a/pkgs/os-specific/linux/openvswitch/default.nix
+++ b/pkgs/os-specific/linux/openvswitch/default.nix
@ -0,0 +1,49 @@
+{ stdenv, fetchurl, openssl, python27, iproute, perl510, kernel ? null}:
+let
+
+    version = "2.1.2";
+
+    skipKernelMod = kernel == null;
+
+in
+stdenv.mkDerivation {
+    version = "2.1.2";
+    name = "openvswitch-${version}";
+    src = fetchurl {
+        url = "http://openvswitch.org/releases/openvswitch-2.1.2.tar.gz";
+        sha256 = "16q7faqrj2pfchhn0x5s9ggi5ckcg9n62f6bnqaih064aaq2jm47";
+    };
+    kernel = if skipKernelMod then null else kernel.dev;
+    buildInputs = [
+        openssl
+        python27
+        perl510
+    ];
+    configureFlags = [
+        "--localstatedir=/var"
+        "--sharedstatedir=/var"
+        "--sbindir=$(out)/bin"
+    ] ++ (if skipKernelMod then [] else ["--with-linux"]);
+    # Leave /var out of this!
+    installFlags = [
+        "LOGDIR=$(TMPDIR)/dummy"
+        "RUNDIR=$(TMPDIR)/dummy"
+        "PKIDIR=$(TMPDIR)/dummy"
+    ];
+    meta = {
+        platforms = stdenv.lib.platforms.linux;
+        description = "A multilayer virtual switch";
+        longDescription = ''
+            Open vSwitch is a production quality, multilayer virtual switch 
+            licensed under the open source Apache 2.0 license. It is 
+            designed to enable massive network automation through 
+            programmatic extension, while still supporting standard 
+            management interfaces and protocols (e.g. NetFlow, sFlow, SPAN, 
+            RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to 
+            support distribution across multiple physical servers similar 
+            to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
+        '';
+        homepage = "http://openvswitch.org/";
+        licence = "Apache 2.0";
+    };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -1788,6 +1788,8 @@ let

  openvpn_learnaddress = callPackage ../tools/networking/openvpn/openvpn_learnaddress.nix { };

+  openvswitch = callPackage ../os-specific/linux/openvswitch { };
+
  optipng = callPackage ../tools/graphics/optipng {
    libpng = libpng12;
  };