Enable ssl for scale test which includes: #154
base: master
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -105,6 +105,8 @@ Other options: | |
--cleanup=SANDBOX Cleanup the sandbox | ||
--cleanup-all Cleanup all sandboxes | ||
--graceful Graceful cleanup/stop sandbox | ||
--ssl Enable ssl | ||
EOF | ||
exit 0 | ||
;; | ||
|
@@ -169,6 +171,9 @@ EOF | |
-D|--device) | ||
prev=device | ||
;; | ||
--ssl) | ||
enable_ssl=true | ||
;; | ||
-*) | ||
echo "unrecognized option $option (use --help for help)" >&2 | ||
exit 1 | ||
|
@@ -650,31 +655,67 @@ OVN_SB_DB=unix:$sandbox/db-sb.sock; export OVN_SB_DB | |
EOF | ||
. $sandbox_name/sandbox.rc | ||
|
||
# Northbound db server | ||
prog_name='ovsdb-server-nb' | ||
run_service $prog_name ovsdb-server --detach --no-chdir \ | ||
--pidfile=$prog_name.pid \ | ||
--unixctl=$prog_name.ctl \ | ||
-vconsole:off -vsyslog:off -vfile:info \ | ||
--log-file=$prog_name.log \ | ||
--remote=p$OVN_NB_DB \ | ||
conf-nb.db ovnnb.db | ||
pid=`cat $sandbox_name/$prog_name.pid` | ||
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl | ||
|
||
# Southbound db server | ||
prog_name='ovsdb-server-sb' | ||
run_service $prog_name ovsdb-server --detach --no-chdir \ | ||
--pidfile=$prog_name.pid \ | ||
--unixctl=$prog_name.ctl \ | ||
-vconsole:off -vsyslog:off -vfile:info \ | ||
--log-file=$prog_name.log \ | ||
--remote="p$OVN_SB_DB" \ | ||
--remote=db:Open_vSwitch,Open_vSwitch,manager_options \ | ||
conf-sb.db ovnsb.db | ||
pid=`cat $sandbox_name/$prog_name.pid` | ||
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl | ||
|
||
if $enable_ssl ; then | ||
# Northbound db server | ||
prog_name='ovsdb-server-nb' | ||
run_service $prog_name ovsdb-server --detach --no-chdir \ | ||
--pidfile=$prog_name.pid \ | ||
--unixctl=$prog_name.ctl \ | ||
-vconsole:off -vsyslog:off -vfile:info \ | ||
--log-file=$prog_name.log \ | ||
--remote=db:OVN_Northbound,NB_Global,connections \ | ||
--private-key=db:OVN_Northbound,SSL,private_key \ | ||
--certificate=db:OVN_Northbound,SSL,certificate \ | ||
--ca-cert=db:OVN_Northbound,SSL,ca_cert \ | ||
--ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols \ | ||
--ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers \ | ||
--remote=p$OVN_NB_DB ovnnb.db | ||
pid=`cat $sandbox_name/$prog_name.pid` | ||
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl | ||
|
||
# Southbound db server | ||
prog_name='ovsdb-server-sb' | ||
run_service $prog_name ovsdb-server --detach --no-chdir \ | ||
--pidfile=$prog_name.pid \ | ||
--unixctl=$prog_name.ctl \ | ||
-vconsole:off -vsyslog:off -vfile:info \ | ||
--log-file=$prog_name.log \ | ||
--remote=db:OVN_Southbound,SB_Global,connections \ | ||
--private-key=db:OVN_Southbound,SSL,private_key \ | ||
--certificate=db:OVN_Southbound,SSL,certificate \ | ||
--ca-cert=db:OVN_Southbound,SSL,ca_cert \ | ||
--ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols \ | ||
--ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers \ | ||
--remote=p$OVN_SB_DB ovnsb.db | ||
pid=`cat $sandbox_name/$prog_name.pid` | ||
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl | ||
else | ||
# Northbound db server | ||
prog_name='ovsdb-server-nb' | ||
run_service $prog_name ovsdb-server --detach --no-chdir \ | ||
--pidfile=$prog_name.pid \ | ||
--unixctl=$prog_name.ctl \ | ||
-vconsole:off -vsyslog:off -vfile:info \ | ||
--log-file=$prog_name.log \ | ||
--remote=p$OVN_NB_DB \ | ||
conf-nb.db ovnnb.db | ||
pid=`cat $sandbox_name/$prog_name.pid` | ||
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl | ||
|
||
# Southbound db server | ||
prog_name='ovsdb-server-sb' | ||
run_service $prog_name ovsdb-server --detach --no-chdir \ | ||
--pidfile=$prog_name.pid \ | ||
--unixctl=$prog_name.ctl \ | ||
-vconsole:off -vsyslog:off -vfile:info \ | ||
--log-file=$prog_name.log \ | ||
--remote="p$OVN_SB_DB" \ | ||
--remote=db:Open_vSwitch,Open_vSwitch,manager_options \ | ||
conf-sb.db ovnsb.db | ||
pid=`cat $sandbox_name/$prog_name.pid` | ||
mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl | ||
fi | ||
fi | ||
else | ||
touch "$sandbox"/.conf.db.~lock~ | ||
|
@@ -694,19 +735,35 @@ EOF | |
|
||
# Initialize database. | ||
if $controller ; then | ||
init_ovsdb_server "ovsdb-server-nb" $OVN_NB_DB | ||
init_ovsdb_server "ovsdb-server-sb" $OVN_SB_DB | ||
Why init_ovsdb_server is not needed? |
||
if $enable_ssl ; then | ||
tar -xzvf certs.tar.gz | ||
abs_path=`pwd`/certs | ||
ovn-nbctl set-ssl $abs_path/ovnnb-privkey.pem $abs_path/ovnnb-cert.pem \ | ||
$abs_path/cacert.pem | ||
ovn-nbctl set-connection pssl:6641:127.0.0.1 | ||
why 127.0.0.1? Rally may need to access NB remotely.
So by default it will be localhost where we are setting up controller sandbox. We are not using cluster here. Hence when we run all the nbctl commands too , we source sandbox rc and do it. Once we introduce to spin up clustered db, we can leverage the actual IPs. Not needed now. |
||
ovn-sbctl set-ssl $abs_path/ovnsb-privkey.pem $abs_path/ovnsb-cert.pem \ | ||
$abs_path/cacert.pem | ||
ovn-sbctl set-connection pssl:6642:$CON_IP | ||
ovn-sbctl set conn . inactivity_probe=0 | ||
else | ||
init_ovsdb_server "ovsdb-server-nb" $OVN_NB_DB | ||
init_ovsdb_server "ovsdb-server-sb" $OVN_SB_DB | ||
|
||
ovs-vsctl --db=$OVN_SB_DB --no-wait \ | ||
-- set open_vswitch . manager_options=@uuid \ | ||
-- --id=@uuid create Manager target="$OVSDB_REMOTE" inactivity_probe=0 | ||
ovs-vsctl --db=$OVN_SB_DB --no-wait \ | ||
-- set open_vswitch . manager_options=@uuid \ | ||
-- --id=@uuid create Manager target="$OVSDB_REMOTE" inactivity_probe=0 | ||
fi | ||
|
||
else | ||
init_ovsdb_server "ovsdb-server" unix:"$sandbox"/db.sock | ||
run ovs-vsctl --no-wait set open_vswitch . system-type="sandbox" | ||
|
||
if $ovn ; then | ||
OVN_REMOTE="tcp:$CON_IP:6640" | ||
if $enable_ssl ; then | ||
OVN_REMOTE="ssl:$CON_IP:6642" | ||
else | ||
OVN_REMOTE="tcp:$CON_IP:6640" | ||
fi | ||
|
||
ip_addr_add $host_ip $device | ||
SANDBOX_BIND_IP=$host_ip | ||
|
@@ -756,9 +813,19 @@ function start_ovn { | |
--ovnsb-db=$OVN_SB_DB | ||
else | ||
if $ovn ; then | ||
run_service ovn-controller ovn-controller --detach --no-chdir \ | ||
--pidfile \ | ||
-vconsole:off -vsyslog:off -vfile:info --log-file | ||
if [$enable_ssl = true]; then | ||
tar -xzvf certs.tar.gz | ||
abs_path=`pwd`/certs | ||
run_service ovn-controller ovn-controller \ | ||
--private-key=$abs_path/ovn-controller-privkey.pem \ | ||
--certificate=$abs_path/ovn-controller-cert.pem \ | ||
--ca-cert=$abs_path/cacert.pem --detach --no-chdir \ | ||
--pidfile -vconsole:off -vsyslog:off -vfile:info --log-file | ||
else | ||
run_service ovn-controller ovn-controller --detach --no-chdir \ | ||
--pidfile \ | ||
-vconsole:off -vsyslog:off -vfile:info --log-file | ||
fi | ||
fi | ||
fi | ||
} | ||
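Review bot: The test `if [$enable_ssl = true]; then` in start_ovn has no spaces inside the brackets, so the shell looks for a command named `[true` and the condition always fails; ovn-controller is then started without `--private-key`, `--certificate` and `--ca-cert` even though the preceding hunk sets `OVN_REMOTE="ssl:$CON_IP:6642"`. Use the form the other hunks use, `if $enable_ssl ; then`, or `if [ "$enable_ssl" = true ]; then`. The `if $enable_ssl` tests in turn depend on `enable_ssl=false` being assigned before option parsing, which is not visible in these hunks; an unset variable expands to an empty command that succeeds and would select the SSL branch. Both `tar -xzvf certs.tar.gz` calls are unchecked, so a missing archive leaves `set-ssl` and ovn-controller pointing at key and certificate files that do not exist. start_ovn begins outside the hunk.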
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -126,6 +126,7 @@ def _create_sandbox(self, sandbox_create_args): | |
start_cidr = sandbox_create_args.get("start_cidr") | ||
net_dev = sandbox_create_args.get("net_dev", "eth0") | ||
tag = sandbox_create_args.get("tag", "") | ||
ssl = sandbox_create_args.get("enable_ssl", False) | ||
|
||
LOG.info("-------> Create sandbox method: %s" % self.install_method) | ||
install_method = self.install_method | ||
|
@@ -159,10 +160,16 @@ def _create_sandbox(self, sandbox_create_args): | |
|
||
cmds = [] | ||
for host_ip in host_ip_list: | ||
cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \ | ||
--host-ip %s/%d --device %s" % \ | ||
(controller_ip, host_ip, sandbox_cidr.prefixlen, | ||
net_dev) | ||
if ssl: | ||
cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \ | ||
--host-ip %s/%d --device %s --ssl" % \ | ||
(controller_ip, host_ip, sandbox_cidr.prefixlen, | ||
net_dev) | ||
else: | ||
cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \ | ||
--host-ip %s/%d --device %s" % \ | ||
(controller_ip, host_ip, sandbox_cidr.prefixlen, | ||
net_dev) | ||
please abstract out the different part only (--ssl)
sure |
||
cmds.append(cmd) | ||
|
||
sandboxes["sandbox-%s" % host_ip] = tag | ||
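Review bot: `ssl = sandbox_create_args.get("enable_ssl", False)` falls back to plaintext silently, so a missing or misspelled `enable_ssl` key in the task arguments produces a non-SSL deployment with nothing in the log to show it. Logging the choice next to the existing install-method message, for example `LOG.info("Sandbox SSL enabled: %s", enable_ssl)`, makes the transport mode checkable from the run output. Naming the local `enable_ssl` rather than `ssl` also avoids shadowing the standard `ssl` module should this file import it. _create_sandbox starts and ends outside both hunks.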
|
Could you abstract the different part only, instead of a big if-else block?
sure