[openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack

Ravi Chunduru ravivsn at gmail.com
Wed Aug 7 17:52:19 UTC 2013 

Right, Nicira controller needs manual OVS certificate addition.
>From my earlier mail
*"Nicira approach today  is to add ovs certificates onto ovs controller
manually."*

Hence, I like Srini's proposal. I suggest to write extensions to your
custom plugin. Once accepted it can be part of the core.

Thanks,
-Ravi.


On Wed, Aug 7, 2013 at 8:15 AM, Somanchi Trinath-B39208 <
B39208 at freescale.com> wrote:

>  Hi Ravi-****
>
> ** **
>
> We want achieve the same from Quantum Client through Quantum OVS Agent. **
> **
>
> ** **
>
> Is there any such implementation available for the same with openstack.***
> *
>
> ** **
>
> I think, the below manual mentions the manual configuration using ovs cli.
> ****
>
> ** **
>
> ** **
>
> ** **
>
> Thanking you.****
>
> ** **
>
> --****
>
> Trinath Somanchi - B39208****
>
> trinath.somanchi at freescale.com | extn: 4048****
>
> ** **
>
> *From:* Ravi Chunduru [mailto:ravivsn at gmail.com]
> *Sent:* Wednesday, August 07, 2013 8:04 PM
>
> *To:* OpenStack Development Mailing List
> *Subject:* Re: [openstack-dev] [Neutron] Configuration of Openflow
> controller reachability information in OVS from Openstack****
>
>  ** **
>
> Hi Trinath,****
>
> ** **
>
> I could get this information from Grizzly installation guide <https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/Nicira_SingleNode/OpenStack_Grizzly_Install_Guide.rst>
> ****
>
> ** **
>
> **·         **Register this Hypervisor Transport Node (Open vSwitch) with
> Nicira NVP:****
>
> **·         **** **
>
> **·         **** **
>
> **·         **# Set the open vswitch manager address****
>
> **·         **ovs-vsctl set-manager ssl:<IP Address of one of your Nicira NVP controllers>****
>
> **·         **** **
>
> **·         **# Get the client pki cert****
>
> **·         **cat /etc/openvswitch/ovsclient-cert.pem****
>
> **·         **** **
>
> **·         **# Copy the contents of the output including the BEGIN and END CERTIFICATE lines and be prepared to paste this into NVP manager****
>
> **·         **# In NVP Manager add a new Hypervisor, follow the prompts and paste the client certificate when prompted****
>
>  # Please review the NVP User Guide for details on adding Hypervisor transport nodes to NVP for more information on this step****
>
>  ** **
>
> Thanks,****
>
> -Ravi.****
>
> ** **
>
> On Wed, Aug 7, 2013 at 2:58 AM, Somanchi Trinath-B39208 <
> B39208 at freescale.com> wrote:****
>
> Hi Ravi-****
>
>  ****
>
> With respect to NICIRA NVP Plugin in Quantum, All the processing is done
> with respect to Nicira NVP. ****
>
>  ****
>
> Also, the Controller cluster arguments are provided from ini file. ****
>
>  ****
>
> Can you point me to where the OVS certificates are handled in Nicira code
> base for quantum.****
>
>  ****
>
>  ****
>
> --****
>
> Trinath Somanchi - B39208****
>
> trinath.somanchi at freescale.com | extn: 4048****
>
>  ****
>
> *From:* Ravi Chunduru [mailto:ravivsn at gmail.com]
> *Sent:* Wednesday, August 07, 2013 11:32 AM
> *To:* OpenStack Development Mailing List
> *Subject:* Re: [openstack-dev] [Neutron] Configuration of Openflow
> controller reachability information in OVS from Openstack****
>
>  ****
>
> look into nicira neutrón plugin.
> I like the idea of ovs controller config driven through neutrón api.
> Nicira approach today  is to add ovs certificates onto ovs controller
> manually.****
>
> On Aug 6, 2013 9:09 PM, "Addepalli Srini-B22160" <B22160 at freescale.com>
> wrote:
> >
> > Hi,
> >
> > Using OVS Quantum Plugin and agent,  it is possible to configure OVS with
> >
> > Openflow logical switches.
> > Tables
> > Ports to the logical switches (VLAN, VXLAN, GRE etc..)
> >
> > OVS Agent in each compute node uses local ovs-vsctl command to configure
> above.
> >
> > But, there is no simple way for Openstack quantum to configure OVS in
> compute nodes with  OF controller IP address,  TCP Port,  SSL Certificates
> etc..
> > Also, there is no mechanism today to get hold of DPID of the OVS logical
> switches by Openstack controller.
> >
> > Do  you think that it is good to enhance  Openstack OVS Quantum Plugin
> and agent to pass above information?
> >
> > At very high level, we are thinking to introduce following:
> >
> >
> > Configuration of OF Controller reachability information
> > Quantum extension API though  which is used to set following:
> > Set of Openflow controllers  - For each OF controller
> > IP address,   Port
> > SSL  Enabled Yes/No.
> > If SSL enabled
> > CA certificate chain to validate OF controller identification by the OVS.
> > Zone/Cell for which this OF controller is applicable for.
> > Changes to QuantumClient to configure above.
> > OVS Quantum Plugin to store above information in the database.
> > OVS Quantum Agent to Plugin communication to get hold of OF controller
> information.
> > OVS Quantum Agent to add the information in OVS using ovs-vsctl.
> > Generation of logical switch certificates
> >   OVS Quantum agent requests the plugin to generate local certificate
> and private key for each one of the logical switches
> > Agent to send DPID
> > Plugin to generate certificate & private key pair and sending them as
> response.
> > Plugin configuration file to have CA certificate to use to sign the
> logical switch certificates.
> >
> >
> > Does that make sense?  Is this work going on somewhere else?
> >
> > Thanks
> > Srini
> >
> >
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >****
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev****
>
>
>
> ****
>
> ** **
>
> --
> Ravi****
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130807/4d69bcdc/attachment-0001.html>

More information about the OpenStack-dev mailing list