[openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack
Ravi Chunduru
ravivsn at gmail.com
Wed Aug 7 14:33:43 UTC 2013
Hi Trinath,
I could get this information from Grizzly installation guide
<https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/Nicira_SingleNode/OpenStack_Grizzly_Install_Guide.rst>
-
Register this Hypervisor Transport Node (Open vSwitch) with Nicira NVP:
# Set the open vswitch manager address
ovs-vsctl set-manager ssl:<IP Address of one of your Nicira NVP controllers>
# Get the client pki cert
cat /etc/openvswitch/ovsclient-cert.pem
# Copy the contents of the output including the BEGIN and END
CERTIFICATE lines and be prepared to paste this into NVP manager
# In NVP Manager add a new Hypervisor, follow the prompts and paste
the client certificate when prompted
# Please review the NVP User Guide for details on adding Hypervisor
transport nodes to NVP for more information on this step
Thanks,
-Ravi.
On Wed, Aug 7, 2013 at 2:58 AM, Somanchi Trinath-B39208 <
B39208 at freescale.com> wrote:
> Hi Ravi-****
>
> ** **
>
> With respect to NICIRA NVP Plugin in Quantum, All the processing is done
> with respect to Nicira NVP. ****
>
> ** **
>
> Also, the Controller cluster arguments are provided from ini file. ****
>
> ** **
>
> Can you point me to where the OVS certificates are handled in Nicira code
> base for quantum.****
>
> ** **
>
> ** **
>
> --****
>
> Trinath Somanchi - B39208****
>
> trinath.somanchi at freescale.com | extn: 4048****
>
> ** **
>
> *From:* Ravi Chunduru [mailto:ravivsn at gmail.com]
> *Sent:* Wednesday, August 07, 2013 11:32 AM
> *To:* OpenStack Development Mailing List
> *Subject:* Re: [openstack-dev] [Neutron] Configuration of Openflow
> controller reachability information in OVS from Openstack****
>
> ** **
>
> look into nicira neutrón plugin.
> I like the idea of ovs controller config driven through neutrón api.
> Nicira approach today is to add ovs certificates onto ovs controller
> manually.****
>
> On Aug 6, 2013 9:09 PM, "Addepalli Srini-B22160" <B22160 at freescale.com>
> wrote:
> >
> > Hi,
> >
> > Using OVS Quantum Plugin and agent, it is possible to configure OVS with
> >
> > Openflow logical switches.
> > Tables
> > Ports to the logical switches (VLAN, VXLAN, GRE etc..)
> >
> > OVS Agent in each compute node uses local ovs-vsctl command to configure
> above.
> >
> > But, there is no simple way for Openstack quantum to configure OVS in
> compute nodes with OF controller IP address, TCP Port, SSL Certificates
> etc..
> > Also, there is no mechanism today to get hold of DPID of the OVS logical
> switches by Openstack controller.
> >
> > Do you think that it is good to enhance Openstack OVS Quantum Plugin
> and agent to pass above information?
> >
> > At very high level, we are thinking to introduce following:
> >
> >
> > Configuration of OF Controller reachability information
> > Quantum extension API though which is used to set following:
> > Set of Openflow controllers - For each OF controller
> > IP address, Port
> > SSL Enabled Yes/No.
> > If SSL enabled
> > CA certificate chain to validate OF controller identification by the OVS.
> > Zone/Cell for which this OF controller is applicable for.
> > Changes to QuantumClient to configure above.
> > OVS Quantum Plugin to store above information in the database.
> > OVS Quantum Agent to Plugin communication to get hold of OF controller
> information.
> > OVS Quantum Agent to add the information in OVS using ovs-vsctl.
> > Generation of logical switch certificates
> > OVS Quantum agent requests the plugin to generate local certificate
> and private key for each one of the logical switches
> > Agent to send DPID
> > Plugin to generate certificate & private key pair and sending them as
> response.
> > Plugin configuration file to have CA certificate to use to sign the
> logical switch certificates.
> >
> >
> > Does that make sense? Is this work going on somewhere else?
> >
> > Thanks
> > Srini
> >
> >
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >****
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130807/3d691638/attachment.html>
More information about the OpenStack-dev
mailing list