Tried on Ubuntu 18.04/16.04, Python 3.6/2.7 with Ryu 4.34.
Set up TLS according to the latest Ryu readthedocs, using five ovs bridges.
Tested PKI with ovs-testcontroller, everything works.
When using Ryu with the same PKI, only the first switch connects; all others fail,
citing "no certfile for server side."

I added some print statements to hub.py and controller.py (FUNC, ARGS, KWARGS, 
etc.); I've boldfaced the ssl_args for the <first switch> and <second switch> 
attempted connections.

Can/does anyone else have this issue?
Thanks,
Will



Starting controller with SSL-enabled connections.
loading app ryu.controller.ofp_handler
instantiating app ryu.controller.ofp_handler of OFPHandler
BRICK ofp_event
  CONSUMES EventOFPEchoReply
  CONSUMES EventOFPEchoRequest
  CONSUMES EventOFPErrorMsg
  CONSUMES EventOFPHello
  CONSUMES EventOFPPortDescStatsReply
  CONSUMES EventOFPPortStatus
  CONSUMES EventOFPSwitchFeatures

FUNC <bound method RyuApp._event_loop of <ryu.controller.ofp_handler.OFPHandler 
object at 0x7f5ea798f828>>
ARGS ()
KWARGS {}
FUNC <bound method OpenFlowController.server_loop of 
<ryu.controller.controller.OpenFlowController object at 0x7f5ea6044780>>
ARGS (6633, 6633)
KWARGS {}
SERVER-LOOP
PORTS 6633 6633
PRIVKEY /home/sdn/pki/ctl-privkey.pem
CTL-CERT /home/sdn/pki/ctl-cert.pem
FUNC <ryu.controller.controller.OpenFlowController object at 0x7f5ea6044780>
ARGS ()
KWARGS {}
SERVER-LOOP
PORTS 6653 6653
PRIVKEY /home/sdn/pki/ctl-privkey.pem
CTL-CERT /home/sdn/pki/ctl-cert.pem

<first switch>

FUNC <function StreamServer.__init__.<locals>.wrap_and_handle at 0x7f5ea6053730>
ARGS (<eventlet.greenio.base.GreenSocket object at 0x7f5ea6044630>, 
('172.16.0.200', 37990))
KWARGS {}
SSL_ARGS {'keyfile': '/home/sdn/pki/ctl-privkey.pem', 'certfile': 
'/home/sdn/pki/ctl-cert.pem', 'cert_reqs': <VerifyMode.CERT_REQUIRED: 2>, 
'ca_certs': '/home/sdn/pki/sc-cacert.pem', 'ssl_ctx': 
<eventlet.green.ssl.GreenSSLContext object at 0x7f5ea60e0528>, 'server_side': 
True}
connected socket:<eventlet.green.ssl.GreenSSLSocket fd=8, 
family=AddressFamily.AF_INET, type=2049, proto=0, laddr=('172.16.0.100', 6653), 
raddr=('172.16.0.200', 37990)> address:('172.16.0.200', 37990)
hello ev <ryu.controller.ofp_event.EventOFPHello object at 0x7f5ea60b1e80>
move onto config mode
FUNC <bound method Datapath._send_loop of <ryu.controller.controller.Datapath 
object at 0x7f5ea6044438>>
ARGS ()
KWARGS {}
FUNC <bound method Datapath._echo_request_loop of 
<ryu.controller.controller.Datapath object at 0x7f5ea6044438>>
ARGS ()
KWARGS {}
switch features ev 
version=0x4,msg_type=0x6,msg_len=0x20,xid=0x1b41cde0,OFPSwitchFeatures(auxiliary_id=0,capabilities=79,datapath_id=1188624,n_buffers=256,n_tables=254)
move onto main mode

<second switch>

FUNC <function StreamServer.__init__.<locals>.wrap_and_handle at 0x7f5ea6053730>
ARGS (<eventlet.greenio.base.GreenSocket object at 0x7f5ea60b1eb8>, 
('172.16.0.4', 36972))
KWARGS {}
SSL_ARGS {'server_side': True}
hub: uncaught exception: Traceback (most recent call last):
  File "/home/wmstout/.local/lib/python3.6/site-packages/ryu/lib/hub.py", line 
63, in _launch
    return func(*args, **kwargs)
  File "/home/wmstout/.local/lib/python3.6/site-packages/ryu/lib/hub.py", line 
146, in wrap_and_handle
    handle(ssl.wrap_socket(sock, **ssl_args), addr)
  File 
"/home/wmstout/.local/lib/python3.6/site-packages/eventlet/green/ssl.py", line 
415, in wrap_socket
    return GreenSSLSocket(sock, *a, **kw)
  File 
"/home/wmstout/.local/lib/python3.6/site-packages/eventlet/green/ssl.py", line 
106, in __init__
    ca_certs, do_handshake_on_connect and six.PY2, *args, **kw)
  File "/usr/lib/python3.6/ssl.py", line 739, in __init__
    raise ValueError("certfile must be specified for server-side "
ValueError: certfile must be specified for server-side operations



_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel
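
The two SSL_ARGS dumps in the report above (every key present for the first switch, only 'server_side' for the second) are consistent with an accept path that pops keys out of an argument dict shared by all connections. The sketch below is an added example, not code from the post or from Ryu: FakeContext, legacy_wrap, leaky_server, fixed_server and connect_all are hypothetical stand-ins that model that pattern and one way to avoid it, with paths and addresses copied from the log.

```python
# Constructed stand-ins only: no real sockets, keys or certificates are used.
class FakeContext:
    """Stand-in for an SSL context that remembers its certificate."""
    cert = None

    def load_cert_chain(self, certfile, keyfile):
        self.cert = (certfile, keyfile)

    def wrap_socket(self, sock, server_side=False):
        if server_side and self.cert is None:
            raise ValueError("no certificate loaded")
        return ("tls", sock)

def legacy_wrap(sock, server_side=False, certfile=None, keyfile=None):
    """Stand-in for ssl.wrap_socket with the check seen in the traceback."""
    if server_side and not certfile:
        raise ValueError("certfile must be specified for server-side operations")
    return ("tls", sock)

def leaky_server(ssl_args):
    """Hypothetical accept path: pops keys from the dict shared by all peers."""
    def wrap_and_handle(sock):
        if "ssl_ctx" in ssl_args:
            ctx = ssl_args.pop("ssl_ctx")
            ctx.load_cert_chain(ssl_args.pop("certfile"), ssl_args.pop("keyfile"))
            return ctx.wrap_socket(sock, **ssl_args)
        return legacy_wrap(sock, **ssl_args)
    return wrap_and_handle

def fixed_server(ssl_args):
    """Consume a private copy once at start-up; connections only reuse ctx."""
    args = dict(ssl_args)
    ctx = args.pop("ssl_ctx")
    ctx.load_cert_chain(args.pop("certfile"), args.pop("keyfile"))
    return lambda sock: ctx.wrap_socket(sock, **args)

def connect_all(factory, switches=("172.16.0.200", "172.16.0.4")):
    """Return ({switch: 'ok' or error text}, keys left in the shared dict)."""
    shared = {"keyfile": "/home/sdn/pki/ctl-privkey.pem", "server_side": True,
              "certfile": "/home/sdn/pki/ctl-cert.pem", "ssl_ctx": FakeContext()}
    handler, results = factory(shared), {}
    for sw in switches:
        try:
            handler(sw)
            results[sw] = "ok"
        except ValueError as exc:
            results[sw] = str(exc)
    return results, sorted(shared)
```

Calling connect_all(leaky_server) gives the same split as the log: the first address succeeds and the second raises the certfile error, with only 'server_side' left in the shared dict.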
