[openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack

Ravi Chunduru ravivsn at gmail.com
Wed Aug 7 14:33:43 UTC 2013


Hi Trinath,

I could get this information from Grizzly installation guide
<https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/Nicira_SingleNode/OpenStack_Grizzly_Install_Guide.rst>


   -

   Register this Hypervisor Transport Node (Open vSwitch) with Nicira NVP:

   # Set the open vswitch manager address
   ovs-vsctl set-manager ssl:<IP Address of one of your Nicira NVP controllers>

   # Get the client pki cert
   cat /etc/openvswitch/ovsclient-cert.pem
   # Copy the contents of the output including the BEGIN and END
CERTIFICATE lines and be prepared to paste this into NVP manager
   # In NVP Manager add a new Hypervisor, follow the prompts and paste
the client certificate when prompted
   # Please review the NVP User Guide for details on adding Hypervisor
transport nodes to NVP for more information on this step



Thanks,
-Ravi.

On Wed, Aug 7, 2013 at 2:58 AM, Somanchi Trinath-B39208 <
B39208 at freescale.com> wrote:

>  Hi Ravi-****
>
> ** **
>
> With respect to NICIRA NVP Plugin in Quantum, All the processing is done
> with respect to Nicira NVP. ****
>
> ** **
>
> Also, the Controller cluster arguments are provided from ini file. ****
>
> ** **
>
> Can you point me to where the OVS certificates are handled in Nicira code
> base for quantum.****
>
> ** **
>
> ** **
>
> --****
>
> Trinath Somanchi - B39208****
>
> trinath.somanchi at freescale.com | extn: 4048****
>
> ** **
>
> *From:* Ravi Chunduru [mailto:ravivsn at gmail.com]
> *Sent:* Wednesday, August 07, 2013 11:32 AM
> *To:* OpenStack Development Mailing List
> *Subject:* Re: [openstack-dev] [Neutron] Configuration of Openflow
> controller reachability information in OVS from Openstack****
>
> ** **
>
> look into nicira neutrón plugin.
> I like the idea of ovs controller config driven through neutrón api.
> Nicira approach today  is to add ovs certificates onto ovs controller
> manually.****
>
> On Aug 6, 2013 9:09 PM, "Addepalli Srini-B22160" <B22160 at freescale.com>
> wrote:
> >
> > Hi,
> >
> > Using OVS Quantum Plugin and agent,  it is possible to configure OVS with
> >
> > Openflow logical switches.
> > Tables
> > Ports to the logical switches (VLAN, VXLAN, GRE etc..)
> >
> > OVS Agent in each compute node uses local ovs-vsctl command to configure
> above.
> >
> > But, there is no simple way for Openstack quantum to configure OVS in
> compute nodes with  OF controller IP address,  TCP Port,  SSL Certificates
> etc..
> > Also, there is no mechanism today to get hold of DPID of the OVS logical
> switches by Openstack controller.
> >
> > Do  you think that it is good to enhance  Openstack OVS Quantum Plugin
> and agent to pass above information?
> >
> > At very high level, we are thinking to introduce following:
> >
> >
> > Configuration of OF Controller reachability information
> > Quantum extension API though  which is used to set following:
> > Set of Openflow controllers  - For each OF controller
> > IP address,   Port
> > SSL  Enabled Yes/No.
> > If SSL enabled
> > CA certificate chain to validate OF controller identification by the OVS.
> > Zone/Cell for which this OF controller is applicable for.
> > Changes to QuantumClient to configure above.
> > OVS Quantum Plugin to store above information in the database.
> > OVS Quantum Agent to Plugin communication to get hold of OF controller
> information.
> > OVS Quantum Agent to add the information in OVS using ovs-vsctl.
> > Generation of logical switch certificates
> >   OVS Quantum agent requests the plugin to generate local certificate
> and private key for each one of the logical switches
> > Agent to send DPID
> > Plugin to generate certificate & private key pair and sending them as
> response.
> > Plugin configuration file to have CA certificate to use to sign the
> logical switch certificates.
> >
> >
> > Does that make sense?  Is this work going on somewhere else?
> >
> > Thanks
> > Srini
> >
> >
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >****
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130807/3d691638/attachment.html>


More information about the OpenStack-dev mailing list