[openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack

Somanchi Trinath-B39208 B39208 at freescale.com
Wed Aug 7 15:15:13 UTC 2013


Hi Ravi-

We want achieve the same from Quantum Client through Quantum OVS Agent.

Is there any such implementation available for the same with openstack.

I think, the below manual mentions the manual configuration using ovs cli.



Thanking you.

--
Trinath Somanchi - B39208
trinath.somanchi at freescale.com | extn: 4048

From: Ravi Chunduru [mailto:ravivsn at gmail.com]
Sent: Wednesday, August 07, 2013 8:04 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack

Hi Trinath,

I could get this information from Grizzly installation guide <https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/Nicira_SingleNode/OpenStack_Grizzly_Install_Guide.rst>


·         Register this Hypervisor Transport Node (Open vSwitch) with Nicira NVP:

·

·

·         # Set the open vswitch manager address

·         ovs-vsctl set-manager ssl:<IP Address of one of your Nicira NVP controllers>

·

·         # Get the client pki cert

·         cat /etc/openvswitch/ovsclient-cert.pem

·

·         # Copy the contents of the output including the BEGIN and END CERTIFICATE lines and be prepared to paste this into NVP manager

·         # In NVP Manager add a new Hypervisor, follow the prompts and paste the client certificate when prompted

# Please review the NVP User Guide for details on adding Hypervisor transport nodes to NVP for more information on this step

Thanks,
-Ravi.

On Wed, Aug 7, 2013 at 2:58 AM, Somanchi Trinath-B39208 <B39208 at freescale.com<mailto:B39208 at freescale.com>> wrote:
Hi Ravi-

With respect to NICIRA NVP Plugin in Quantum, All the processing is done with respect to Nicira NVP.

Also, the Controller cluster arguments are provided from ini file.

Can you point me to where the OVS certificates are handled in Nicira code base for quantum.


--
Trinath Somanchi - B39208
trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> | extn: 4048

From: Ravi Chunduru [mailto:ravivsn at gmail.com<mailto:ravivsn at gmail.com>]
Sent: Wednesday, August 07, 2013 11:32 AM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack


look into nicira neutrón plugin.
I like the idea of ovs controller config driven through neutrón api. Nicira approach today  is to add ovs certificates onto ovs controller manually.

On Aug 6, 2013 9:09 PM, "Addepalli Srini-B22160" <B22160 at freescale.com<mailto:B22160 at freescale.com>> wrote:
>
> Hi,
>
> Using OVS Quantum Plugin and agent,  it is possible to configure OVS with
>
> Openflow logical switches.
> Tables
> Ports to the logical switches (VLAN, VXLAN, GRE etc..)
>
> OVS Agent in each compute node uses local ovs-vsctl command to configure above.
>
> But, there is no simple way for Openstack quantum to configure OVS in compute nodes with  OF controller IP address,  TCP Port,  SSL Certificates etc..
> Also, there is no mechanism today to get hold of DPID of the OVS logical switches by Openstack controller.
>
> Do  you think that it is good to enhance  Openstack OVS Quantum Plugin and agent to pass above information?
>
> At very high level, we are thinking to introduce following:
>
>
> Configuration of OF Controller reachability information
> Quantum extension API though  which is used to set following:
> Set of Openflow controllers  - For each OF controller
> IP address,   Port
> SSL  Enabled Yes/No.
> If SSL enabled
> CA certificate chain to validate OF controller identification by the OVS.
> Zone/Cell for which this OF controller is applicable for.
> Changes to QuantumClient to configure above.
> OVS Quantum Plugin to store above information in the database.
> OVS Quantum Agent to Plugin communication to get hold of OF controller information.
> OVS Quantum Agent to add the information in OVS using ovs-vsctl.
> Generation of logical switch certificates
>   OVS Quantum agent requests the plugin to generate local certificate and private key for each one of the logical switches
> Agent to send DPID
> Plugin to generate certificate & private key pair and sending them as response.
> Plugin configuration file to have CA certificate to use to sign the logical switch certificates.
>
>
> Does that make sense?  Is this work going on somewhere else?
>
> Thanks
> Srini
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



--
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130807/7b44c43f/attachment.html>


More information about the OpenStack-dev mailing list