look into nicira neutrón plugin. I like the idea of ovs controller config driven through neutrón api. Nicira approach today is to add ovs certificates onto ovs controller manually.
On Aug 6, 2013 9:09 PM, "Addepalli Srini-B22160" <[email protected]> wrote: > > Hi, > > Using OVS Quantum Plugin and agent, it is possible to configure OVS with > > Openflow logical switches. > Tables > Ports to the logical switches (VLAN, VXLAN, GRE etc..) > > OVS Agent in each compute node uses local ovs-vsctl command to configure above. > > But, there is no simple way for Openstack quantum to configure OVS in compute nodes with OF controller IP address, TCP Port, SSL Certificates etc.. > Also, there is no mechanism today to get hold of DPID of the OVS logical switches by Openstack controller. > > Do you think that it is good to enhance Openstack OVS Quantum Plugin and agent to pass above information? > > At very high level, we are thinking to introduce following: > > > Configuration of OF Controller reachability information > Quantum extension API though which is used to set following: > Set of Openflow controllers - For each OF controller > IP address, Port > SSL Enabled Yes/No. > If SSL enabled > CA certificate chain to validate OF controller identification by the OVS. > Zone/Cell for which this OF controller is applicable for. > Changes to QuantumClient to configure above. > OVS Quantum Plugin to store above information in the database. > OVS Quantum Agent to Plugin communication to get hold of OF controller information. > OVS Quantum Agent to add the information in OVS using ovs-vsctl. > Generation of logical switch certificates > OVS Quantum agent requests the plugin to generate local certificate and private key for each one of the logical switches > Agent to send DPID > Plugin to generate certificate & private key pair and sending them as response. > Plugin configuration file to have CA certificate to use to sign the logical switch certificates. > > > Does that make sense? Is this work going on somewhere else? > > Thanks > Srini > > > > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
