Hi Ravi- We want achieve the same from Quantum Client through Quantum OVS Agent.
Is there any such implementation available for the same with openstack. I think, the below manual mentions the manual configuration using ovs cli. Thanking you. -- Trinath Somanchi - B39208 trinath.soman...@freescale.com | extn: 4048 From: Ravi Chunduru [mailto:ravi...@gmail.com] Sent: Wednesday, August 07, 2013 8:04 PM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack Hi Trinath, I could get this information from Grizzly installation guide <https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/Nicira_SingleNode/OpenStack_Grizzly_Install_Guide.rst> · Register this Hypervisor Transport Node (Open vSwitch) with Nicira NVP: · · · # Set the open vswitch manager address · ovs-vsctl set-manager ssl:<IP Address of one of your Nicira NVP controllers> · · # Get the client pki cert · cat /etc/openvswitch/ovsclient-cert.pem · · # Copy the contents of the output including the BEGIN and END CERTIFICATE lines and be prepared to paste this into NVP manager · # In NVP Manager add a new Hypervisor, follow the prompts and paste the client certificate when prompted # Please review the NVP User Guide for details on adding Hypervisor transport nodes to NVP for more information on this step Thanks, -Ravi. On Wed, Aug 7, 2013 at 2:58 AM, Somanchi Trinath-B39208 <b39...@freescale.com<mailto:b39...@freescale.com>> wrote: Hi Ravi- With respect to NICIRA NVP Plugin in Quantum, All the processing is done with respect to Nicira NVP. Also, the Controller cluster arguments are provided from ini file. Can you point me to where the OVS certificates are handled in Nicira code base for quantum. -- Trinath Somanchi - B39208 trinath.soman...@freescale.com<mailto:trinath.soman...@freescale.com> | extn: 4048 From: Ravi Chunduru [mailto:ravi...@gmail.com<mailto:ravi...@gmail.com>] Sent: Wednesday, August 07, 2013 11:32 AM To: OpenStack Development Mailing List Subject: Re: [openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack look into nicira neutrón plugin. I like the idea of ovs controller config driven through neutrón api. Nicira approach today is to add ovs certificates onto ovs controller manually. On Aug 6, 2013 9:09 PM, "Addepalli Srini-B22160" <b22...@freescale.com<mailto:b22...@freescale.com>> wrote: > > Hi, > > Using OVS Quantum Plugin and agent, it is possible to configure OVS with > > Openflow logical switches. > Tables > Ports to the logical switches (VLAN, VXLAN, GRE etc..) > > OVS Agent in each compute node uses local ovs-vsctl command to configure > above. > > But, there is no simple way for Openstack quantum to configure OVS in compute > nodes with OF controller IP address, TCP Port, SSL Certificates etc.. > Also, there is no mechanism today to get hold of DPID of the OVS logical > switches by Openstack controller. > > Do you think that it is good to enhance Openstack OVS Quantum Plugin and > agent to pass above information? > > At very high level, we are thinking to introduce following: > > > Configuration of OF Controller reachability information > Quantum extension API though which is used to set following: > Set of Openflow controllers - For each OF controller > IP address, Port > SSL Enabled Yes/No. > If SSL enabled > CA certificate chain to validate OF controller identification by the OVS. > Zone/Cell for which this OF controller is applicable for. > Changes to QuantumClient to configure above. > OVS Quantum Plugin to store above information in the database. > OVS Quantum Agent to Plugin communication to get hold of OF controller > information. > OVS Quantum Agent to add the information in OVS using ovs-vsctl. > Generation of logical switch certificates > OVS Quantum agent requests the plugin to generate local certificate and > private key for each one of the logical switches > Agent to send DPID > Plugin to generate certificate & private key pair and sending them as > response. > Plugin configuration file to have CA certificate to use to sign the logical > switch certificates. > > > Does that make sense? Is this work going on somewhere else? > > Thanks > Srini > > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Ravi
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
