Enable ssl for scale test which includes:
1. HVs ovn-controller talk to southbound db via ssl on port 6642
2. Starting and setting of southbound and northbound dbs with pssl on ports
   6642 and 6641 respectively.
3. Set inactivity_probe=0 on southbound db to avoid HVs ovn-controller
throwing ssl connection errors and exiting the cluster.
aginwala committed Mar 25, 2018
1 parent 4858ea6 commit 43062db
Showing 5 changed files with 121 additions and 41 deletions.
Expand Up @@ -98,13 +98,18 @@ def deploy(self):
ovs_user = self.config.get("ovs_user", OVS_USER)
ovs_controller_cidr = self.config.get("controller_cidr")
net_dev = self.config.get("net_dev", "eth0")
ssl = self.config.get("enable_ssl", False)

# start ovn controller with non-root user
ovs_server = get_updated_server(server, user=ovs_user)

cmd = "./ovs-sandbox.sh --controller --ovn \
--controller-ip %s --device %s;" % \
(ovs_controller_cidr, net_dev)
if ssl:
cmd = "./ovs-sandbox.sh --controller --ovn \
--controller-ip %s --device %s --ssl;" % \
(ovs_controller_cidr, net_dev)
else:
cmd = "./ovs-sandbox.sh --controller --ovn \
--controller-ip %s --device %s;" % \
(ovs_controller_cidr, net_dev)

if install_method == "docker":
LOG.info("Do not run ssh; deployed by ansible-docker")
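Review bot: The two branches of the new `if ssl:` in `deploy` repeat the whole `./ovs-sandbox.sh` command string and differ only in the `--ssl` flag, so any later change to the options has to be made twice. The same duplication is added in the `_create_sandbox` loop in rally_ovs/plugins/ovs/scenarios/sandbox.py. Building the command once keeps the two paths from drifting: set `ssl_opt = " --ssl" if ssl else ""` and use a single format string ending in `--device %s%s;`. The local name `ssl` also matches the standard-library `ssl` module, so `enable_ssl` would be a safer name. `deploy` begins and continues outside the hunk.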
Binary file not shown.
133 changes: 100 additions & 33 deletions rally_ovs/plugins/ovs/deployment/engines/ovs/ovs-sandbox.sh
Expand Up @@ -105,6 +105,8 @@ Other options:
--cleanup=SANDBOX Cleanup the sandbox
--cleanup-all Cleanup all sandboxes
--graceful Graceful cleanup/stop sandbox
--ssl Enable ssl
EOF
exit 0
;;
Expand Down Expand Up @@ -169,6 +171,9 @@ EOF
-D|--device)
prev=device
;;
--ssl)
enable_ssl=true
;;
-*)
echo "unrecognized option $option (use --help for help)" >&2
exit 1
Expand Down Expand Up @@ -650,31 +655,67 @@ OVN_SB_DB=unix:$sandbox/db-sb.sock; export OVN_SB_DB
EOF
. $sandbox_name/sandbox.rc

# Northbound db server
prog_name='ovsdb-server-nb'
run_service $prog_name ovsdb-server --detach --no-chdir \
--pidfile=$prog_name.pid \
--unixctl=$prog_name.ctl \
-vconsole:off -vsyslog:off -vfile:info \
--log-file=$prog_name.log \
--remote=p$OVN_NB_DB \
conf-nb.db ovnnb.db
pid=`cat $sandbox_name/$prog_name.pid`
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl

# Southbound db server
prog_name='ovsdb-server-sb'
run_service $prog_name ovsdb-server --detach --no-chdir \
--pidfile=$prog_name.pid \
--unixctl=$prog_name.ctl \
-vconsole:off -vsyslog:off -vfile:info \
--log-file=$prog_name.log \
--remote="p$OVN_SB_DB" \
--remote=db:Open_vSwitch,Open_vSwitch,manager_options \
conf-sb.db ovnsb.db
pid=`cat $sandbox_name/$prog_name.pid`
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl

if $enable_ssl ; then
# Northbound db server
prog_name='ovsdb-server-nb'
run_service $prog_name ovsdb-server --detach --no-chdir \
--pidfile=$prog_name.pid \
--unixctl=$prog_name.ctl \
-vconsole:off -vsyslog:off -vfile:info \
--log-file=$prog_name.log \
--remote=db:OVN_Northbound,NB_Global,connections \
--private-key=db:OVN_Northbound,SSL,private_key \
--certificate=db:OVN_Northbound,SSL,certificate \
--ca-cert=db:OVN_Northbound,SSL,ca_cert \
--ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols \
--ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers \
--remote=p$OVN_NB_DB ovnnb.db
pid=`cat $sandbox_name/$prog_name.pid`
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl

# Southbound db server
prog_name='ovsdb-server-sb'
run_service $prog_name ovsdb-server --detach --no-chdir \
--pidfile=$prog_name.pid \
--unixctl=$prog_name.ctl \
-vconsole:off -vsyslog:off -vfile:info \
--log-file=$prog_name.log \
--remote=db:OVN_Southbound,SB_Global,connections \
--private-key=db:OVN_Southbound,SSL,private_key \
--certificate=db:OVN_Southbound,SSL,certificate \
--ca-cert=db:OVN_Southbound,SSL,ca_cert \
--ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols \
--ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers \
--remote=p$OVN_SB_DB ovnsb.db
pid=`cat $sandbox_name/$prog_name.pid`
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
else
# Northbound db server
prog_name='ovsdb-server-nb'
run_service $prog_name ovsdb-server --detach --no-chdir \
--pidfile=$prog_name.pid \
--unixctl=$prog_name.ctl \
-vconsole:off -vsyslog:off -vfile:info \
--log-file=$prog_name.log \
--remote=p$OVN_NB_DB \
conf-nb.db ovnnb.db
pid=`cat $sandbox_name/$prog_name.pid`
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl

# Southbound db server
prog_name='ovsdb-server-sb'
run_service $prog_name ovsdb-server --detach --no-chdir \
--pidfile=$prog_name.pid \
--unixctl=$prog_name.ctl \
-vconsole:off -vsyslog:off -vfile:info \
--log-file=$prog_name.log \
--remote="p$OVN_SB_DB" \
--remote=db:Open_vSwitch,Open_vSwitch,manager_options \
conf-sb.db ovnsb.db
pid=`cat $sandbox_name/$prog_name.pid`
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
fi
fi
else
touch "$sandbox"/.conf.db.~lock~
Expand All @@ -694,19 +735,35 @@ EOF

# Initialize database.
if $controller ; then
init_ovsdb_server "ovsdb-server-nb" $OVN_NB_DB
init_ovsdb_server "ovsdb-server-sb" $OVN_SB_DB
if $enable_ssl ; then
tar -xzvf certs.tar.gz
abs_path=`pwd`/certs
ovn-nbctl set-ssl $abs_path/ovnnb-privkey.pem $abs_path/ovnnb-cert.pem \
$abs_path/cacert.pem
ovn-nbctl set-connection pssl:6641:127.0.0.1
ovn-sbctl set-ssl $abs_path/ovnsb-privkey.pem $abs_path/ovnsb-cert.pem \
$abs_path/cacert.pem
ovn-sbctl set-connection pssl:6642:$CON_IP
ovn-sbctl set conn . inactivity_probe=0
else
init_ovsdb_server "ovsdb-server-nb" $OVN_NB_DB
init_ovsdb_server "ovsdb-server-sb" $OVN_SB_DB

ovs-vsctl --db=$OVN_SB_DB --no-wait \
-- set open_vswitch . manager_options=@uuid \
-- --id=@uuid create Manager target="$OVSDB_REMOTE" inactivity_probe=0
ovs-vsctl --db=$OVN_SB_DB --no-wait \
-- set open_vswitch . manager_options=@uuid \
-- --id=@uuid create Manager target="$OVSDB_REMOTE" inactivity_probe=0
fi

else
init_ovsdb_server "ovsdb-server" unix:"$sandbox"/db.sock
run ovs-vsctl --no-wait set open_vswitch . system-type="sandbox"

if $ovn ; then
OVN_REMOTE="tcp:$CON_IP:6640"
if $enable_ssl ; then
OVN_REMOTE="ssl:$CON_IP:6642"
else
OVN_REMOTE="tcp:$CON_IP:6640"
fi

ip_addr_add $host_ip $device
SANDBOX_BIND_IP=$host_ip
Expand Down Expand Up @@ -756,9 +813,19 @@ function start_ovn {
--ovnsb-db=$OVN_SB_DB
else
if $ovn ; then
run_service ovn-controller ovn-controller --detach --no-chdir \
--pidfile \
-vconsole:off -vsyslog:off -vfile:info --log-file
if [$enable_ssl = true]; then
tar -xzvf certs.tar.gz
abs_path=`pwd`/certs
run_service ovn-controller ovn-controller \
--private-key=$abs_path/ovn-controller-privkey.pem \
--certificate=$abs_path/ovn-controller-cert.pem \
--ca-cert=$abs_path/cacert.pem --detach --no-chdir \
--pidfile -vconsole:off -vsyslog:off -vfile:info --log-file
else
run_service ovn-controller ovn-controller --detach --no-chdir \
--pidfile \
-vconsole:off -vsyslog:off -vfile:info --log-file
fi
fi
fi
}
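Review bot: In `start_ovn`, `if [$enable_ssl = true]; then` has no spaces inside the brackets, so the shell looks for a command named `[true` (or `[false`) and the test fails. The `else` branch then runs, and ovn-controller starts without `--private-key`, `--certificate` and `--ca-cert` even though `OVN_REMOTE` was set to `ssl:$CON_IP:6642` in the earlier hunk. Write the test as `if [ "$enable_ssl" = true ]; then`. The other hunks use `if $enable_ssl ; then`, which expands to an empty command and succeeds when the variable is unset, so `enable_ssl=false` must be initialised before option parsing if that is not already done outside the visible hunks.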
1 change: 1 addition & 0 deletions rally_ovs/plugins/ovs/deployment/sandbox.py
Expand Up @@ -73,6 +73,7 @@ def _install_ovs(self, server):
ovs_server = get_updated_server(server, user=ovs_user)
self._put_file(ovs_server, "install.sh")
self._put_file(ovs_server, "ovs-sandbox.sh")
self._put_file(ovs_server, "certs.tar.gz")


cmds = []
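Review bot: `self._put_file(ovs_server, "certs.tar.gz")` in `_install_ovs` uploads the certificate bundle to every server whether or not `enable_ssl` is set, and ovs-sandbox.sh unpacks the northbound, southbound and ovn-controller private keys from that one archive. A hypervisor that only runs ovn-controller therefore appears to receive the database servers' private keys as well. The keys are presumably identical for every deployment, since the archive looks to be the binary file added by this commit. Add a comment such as `# test-only key material; do not reuse these certificates outside the scale-test sandbox`, and consider uploading the archive only when SSL is enabled. `_install_ovs` continues outside the hunk.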
15 changes: 11 additions & 4 deletions rally_ovs/plugins/ovs/scenarios/sandbox.py
Expand Up @@ -126,6 +126,7 @@ def _create_sandbox(self, sandbox_create_args):
start_cidr = sandbox_create_args.get("start_cidr")
net_dev = sandbox_create_args.get("net_dev", "eth0")
tag = sandbox_create_args.get("tag", "")
ssl = sandbox_create_args.get("enable_ssl", False)

LOG.info("-------> Create sandbox method: %s" % self.install_method)
install_method = self.install_method
Expand Down Expand Up @@ -159,10 +160,16 @@ def _create_sandbox(self, sandbox_create_args):

cmds = []
for host_ip in host_ip_list:
cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
--host-ip %s/%d --device %s" % \
(controller_ip, host_ip, sandbox_cidr.prefixlen,
net_dev)
if ssl:
cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
--host-ip %s/%d --device %s --ssl" % \
(controller_ip, host_ip, sandbox_cidr.prefixlen,
net_dev)
else:
cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
--host-ip %s/%d --device %s" % \
(controller_ip, host_ip, sandbox_cidr.prefixlen,
net_dev)
cmds.append(cmd)

sandboxes["sandbox-%s" % host_ip] = tag
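Review bot: In `_create_sandbox`, `enable_ssl` is read from `sandbox_create_args` independently of the `enable_ssl` key that `deploy` reads from the controller config, and nothing in the visible code checks that the two agree. If they differ, ovs-sandbox.sh points the hypervisors at `tcp:$CON_IP:6640` while the southbound database listens on `pssl:6642` (or the reverse), and the mismatch only surfaces later as connection errors. Document the coupling where the flag is read, for example `# must match enable_ssl in the controller deployment config`, and log the chosen mode next to the existing "Create sandbox method" message. `_create_sandbox` continues outside both hunks.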
