openvswitch: 2.5.4 -> 2.12.0

Openvswitch was upgraded to the latest
stable version (currenty 2.12.0). This remove ovs-monitor-ipsec
commands.

LTS version is still available using
`config.virtualisation.vswitch.package = pkgs.openvswitch-lts`
it has been upgraded to 2.5.6.

This commit is a split from the original PR #35127.

nixos/modules/virtualisation/openvswitch.nix

@@ -42,6 +42,9 @@ in {
       default = false;
       description = ''
         Whether to start racoon service for openvswitch.
+        Supported only if openvswitch version is less than 2.6.0.
+        Use <literal>virtualisation.vswitch.package = pkgs.openvswitch-lts</literal>
+        for a version that supports ipsec over GRE.
       '';
     };
   };
@@ -89,6 +92,13 @@ in {
             "${cfg.package}/share/openvswitch/vswitch.ovsschema"
         fi
         chmod -R +w /var/db/openvswitch
+        if ${cfg.package}/bin/ovsdb-tool needs-conversion /var/db/openvswitch/conf.db | grep -q "yes"
+        then
+          echo "Performing database upgrade"
+          ${cfg.package}/bin/ovsdb-tool convert /var/db/openvswitch/conf.db
+        else
+          echo "Database already up to date"
+        fi
         '';
       serviceConfig = {
         ExecStart =
@@ -133,7 +143,7 @@ in {
     };
 
   }
-  (mkIf cfg.ipsec {
+  (mkIf (cfg.ipsec && (versionOlder cfg.package.version "2.6.0")) {
     services.racoon.enable = true;
     services.racoon.configPath = "${runDir}/ipsec/etc/racoon/racoon.conf";
 
@@ -172,5 +182,4 @@ in {
       '';
     };
   })]));
-
 }

pkgs/os-specific/linux/openvswitch/default.nix

@@ -6,19 +6,20 @@ with stdenv.lib;
 
 let
   _kernel = kernel;
+  python = python27.withPackages (ps: with ps; [ six ]);
 in stdenv.mkDerivation rec {
-  version = "2.5.4";
+  version = "2.12.0";
   pname = "openvswitch";
 
   src = fetchurl {
     url = "http://openvswitch.org/releases/${pname}-${version}.tar.gz";
-    sha256 = "1lji87wg953lqcdf02f1zv2m54vhd2x9jd03bb91lnlb4qlhifiv";
+    sha256 = "1y78ix5inhhcvicbvyy2ij38am1215nr55vydhab3d4065q45z8k";
   };
 
   kernel = optional (_kernel != null) _kernel.dev;
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ makeWrapper utillinux openssl libcap_ng python27
+  buildInputs = [ makeWrapper utillinux openssl libcap_ng python
                   perl procps which ];
 
   configureFlags = [
@@ -36,27 +37,13 @@ in stdenv.mkDerivation rec {
 
   postBuild = ''
     # fix tests
-    substituteInPlace xenserver/opt_xensource_libexec_interface-reconfigure --replace '/usr/bin/env python' '${python27.interpreter}'
+    substituteInPlace xenserver/opt_xensource_libexec_interface-reconfigure --replace '/usr/bin/env python' '${python.interpreter}'
-    substituteInPlace vtep/ovs-vtep --replace '/usr/bin/env python' '${python27.interpreter}'
+    substituteInPlace vtep/ovs-vtep --replace '/usr/bin/env python' '${python.interpreter}'
   '';
 
   enableParallelBuilding = true;
   doCheck = false; # bash-completion test fails with "compgen: command not found"
 
-  postInstall = ''
-    cp debian/ovs-monitor-ipsec $out/share/openvswitch/scripts
-    makeWrapper \
-      $out/share/openvswitch/scripts/ovs-monitor-ipsec \
-      $out/bin/ovs-monitor-ipsec \
-      --prefix PYTHONPATH : "$out/share/openvswitch/python"
-    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
-      --replace "UnixctlServer.create(None)" "UnixctlServer.create(os.environ['UNIXCTLPATH'])"
-    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
-      --replace "self.psk_file" "root_prefix + self.psk_file"
-    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
-      --replace "self.cert_dir" "root_prefix + self.cert_dir"
-  '';
-
   meta = with stdenv.lib; {
     platforms = platforms.linux;
     description = "A multilayer virtual switch";
@@ -73,5 +60,6 @@ in stdenv.mkDerivation rec {
       '';
     homepage = http://openvswitch.org/;
     license = licenses.asl20;
+    maintainers = [ maintainers.netixx ];
   };
 }

pkgs/os-specific/linux/openvswitch/lts.nix

@@ -0,0 +1,77 @@
+{ stdenv, fetchurl, makeWrapper, pkgconfig, utillinux, which
+, procps, libcap_ng, openssl, python27, iproute , perl
+, kernel ? null }:
+
+with stdenv.lib;
+
+let
+  _kernel = kernel;
+in stdenv.mkDerivation rec {
+  version = "2.5.6";
+  pname = "openvswitch";
+
+  src = fetchurl {
+    url = "http://openvswitch.org/releases/${pname}-${version}.tar.gz";
+    sha256 = "14zjcd0ddjv90rwb24l3cac6psd34a9r04jjghn1av0kf6b76zj4";
+  };
+
+  kernel = optional (_kernel != null) _kernel.dev;
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ makeWrapper utillinux openssl libcap_ng python27
+                  perl procps which ];
+
+  configureFlags = [
+    "--localstatedir=/var"
+    "--sharedstatedir=/var"
+    "--sbindir=$(out)/bin"
+  ] ++ (optionals (_kernel != null) ["--with-linux"]);
+
+  # Leave /var out of this!
+  installFlags = [
+    "LOGDIR=$(TMPDIR)/dummy"
+    "RUNDIR=$(TMPDIR)/dummy"
+    "PKIDIR=$(TMPDIR)/dummy"
+  ];
+
+  postBuild = ''
+    # fix tests
+    substituteInPlace xenserver/opt_xensource_libexec_interface-reconfigure --replace '/usr/bin/env python' '${python27.interpreter}'
+    substituteInPlace vtep/ovs-vtep --replace '/usr/bin/env python' '${python27.interpreter}'
+  '';
+
+  enableParallelBuilding = true;
+  doCheck = false; # bash-completion test fails with "compgen: command not found"
+
+  postInstall = ''
+    cp debian/ovs-monitor-ipsec $out/share/openvswitch/scripts
+    makeWrapper \
+      $out/share/openvswitch/scripts/ovs-monitor-ipsec \
+      $out/bin/ovs-monitor-ipsec \
+      --prefix PYTHONPATH : "$out/share/openvswitch/python"
+    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
+      --replace "UnixctlServer.create(None)" "UnixctlServer.create(os.environ['UNIXCTLPATH'])"
+    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
+      --replace "self.psk_file" "root_prefix + self.psk_file"
+    substituteInPlace $out/share/openvswitch/scripts/ovs-monitor-ipsec \
+      --replace "self.cert_dir" "root_prefix + self.cert_dir"
+  '';
+
+  meta = with stdenv.lib; {
+    platforms = platforms.linux;
+    description = "A multilayer virtual switch";
+    longDescription =
+      ''
+      Open vSwitch is a production quality, multilayer virtual switch
+      licensed under the open source Apache 2.0 license. It is
+      designed to enable massive network automation through
+      programmatic extension, while still supporting standard
+      management interfaces and protocols (e.g. NetFlow, sFlow, SPAN,
+      RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to
+      support distribution across multiple physical servers similar
+      to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
+      '';
+    homepage = http://openvswitch.org/;
+    license = licenses.asl20;
+  };
+}

pkgs/top-level/all-packages.nix

@@ -5273,6 +5273,8 @@ in
     openssl = openssl_1_0_2;
   };
 
+  openvswitch-lts = callPackage ../os-specific/linux/openvswitch/lts.nix { };
+
   optipng = callPackage ../tools/graphics/optipng {
     libpng = libpng12;
   };