| | 1 | [[PageOutline]] |
| | 2 | |
| | 3 | !OpenFlow aggregates in GENI are migrating to FOAM from Expedient. |
| | 4 | |
| | 5 | = Info for experimenters = |
| | 6 | |
| | 7 | The following sections are mostly of interest to GENI experimenters. |
| | 8 | |
| | 9 | == Getting your sliver approved == |
| | 10 | |
| | 11 | If you allocate a shared resource that connects to an !OpenFlow aggregate (e.g. a MyPLC plnode or ProtoGENI host), you'll typically also need to reserve some !OpenFlow resources. When you do this, your reservation request may be held for approval, and a local FOAM admin needs to approve your request before your sliver actually becomes live. The FOAM admin isn't (yet) notified of your request, so you'll usually want to contact them to ask them to opt in your sliver. |
| | 12 | |
| | 13 | If you're setting up a multi-campus topology, we recommend writing to response-team@geni.net, which will reach all of the campus FOAM admins (as well as other GENI resource admins), so everyone will know what you're doing. |
| | 14 | |
| | 15 | If you only need to create a sliver at one site, here's a list of FOAM aggregates, and contact info for the admins: |
| | 16 | |
| | 17 | || '''!OpenFlow Aggregate info page''' || '''FOAM admin''' || |
| | 18 | || [wiki:GeniAggregate/ClemsonOpenFlow Clemson] || openflow_help-L@clemson.edu || |
| | 19 | || [wiki:GeniAggregate/GeorgiaTechOpenFlow Georgia Tech] || Russ.Clark@gatech.edu || |
| | 20 | || [wiki:GeniAggregate/GpoLabOpenFlow GPO Lab] || gpo-infra@geni.net || |
| | 21 | || [wiki:GeniAggregate/IndianaOpenFlow Indiana] || meylor@grnoc.iu.edu || |
| | 22 | || [wiki:GeniAggregate/RutgersOpenFlow Rutgers] || seskar@winlab.rutgers.edu || |
| | 23 | || [wiki:GeniAggregate/StanfordOpenFlow Stanford] || deployment-help@openflowswitch.org || |
| | 24 | || [wiki:GeniAggregate/WashingtonOpenFlow Washington] || balkan@cs.washington.edu || |
| | 25 | || [wiki:GeniAggregate/WisconsinOpenFlow Wisconsin] || agember@cs.wisc.edu || |
| | 26 | || || || |
| | 27 | || [wiki:GeniAggregate/I2OpenFlow Internet2] || geni-openflow@internet2.edu || |
| | 28 | || [wiki:GeniAggregate/NLROpenFlow NLR] || openflow@nlr.net || |
| | 29 | |
| | 30 | = Info for admins = |
| | 31 | |
| | 32 | The following sections are mostly of interest to FOAM admins. |
| | 33 | |
| | 34 | == Moving orphaned Expedient-created FV slices to FOAM slivers == |
| | 35 | |
| | 36 | If you've shut down Expedient and brought up FOAM, you may have !FlowVisor slices that were created by Expedient, which are now essentially orphaned. For each of those FV slices, its owner should create an OpenFlow v3 rspec (the format FOAM uses), and create a new sliver in FOAM. You can then verify that the new sliver looks right, manually delete their old sliver, and approve the new one. |
| | 37 | |
| | 38 | Here's an example, of migrating the jbs15 and jbs16 slivers at BBN. |
| | 39 | |
| | 40 | Check to see that the new slivers are there in FOAM, awaiting approval: |
| | 41 | |
| | 42 | {{{ |
| | 43 | +$ foamctl list-slivers -s Pending --passwd-file=/opt/foam/etc/foampasswd |
| | 44 | { |
| | 45 | "slivers": [ |
| | 46 | { |
| | 47 | "status": "Pending", |
| | 48 | "flowvisor_slice": "8d32974c-5a1b-4ebf-8c5f-097c9c64cf8d", |
| | 49 | "deleted": "False", |
| | 50 | "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs15", |
| | 51 | "enabled": false, |
| | 52 | "id": 1, |
| | 53 | "expiration": "2011-10-19 02:56:32.798032", |
| | 54 | "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs15:8d32974c-5a1b-4ebf-8c5f-097c9c64cf8d", |
| | 55 | "email": "jbs@bbn.com", |
| | 56 | "desc": "The controller on naxos:33015, for jbs15." |
| | 57 | }, |
| | 58 | { |
| | 59 | "status": "Pending", |
| | 60 | "flowvisor_slice": "d82dae58-5de5-4caa-b458-46ee130462d0", |
| | 61 | "deleted": "False", |
| | 62 | "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs16", |
| | 63 | "enabled": false, |
| | 64 | "id": 2, |
| | 65 | "expiration": "2011-10-19 02:56:51.263455", |
| | 66 | "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs16:d82dae58-5de5-4caa-b458-46ee130462d0", |
| | 67 | "email": "jbs@bbn.com", |
| | 68 | "desc": "The controller on naxos:33016, for jbs16." |
| | 69 | } |
| | 70 | ] |
| | 71 | } |
| | 72 | }}} |
| | 73 | |
| | 74 | Identify the Expedient-created FV slices: |
| | 75 | |
| | 76 | {{{ |
| | 77 | +$ fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices | grep jbs15 |
| | 78 | Slice 8: jbs15-naxos-33015_ID__tulum_gpolab_bbn_com_133 |
| | 79 | |
| | 80 | +$ fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo jbs15-naxos-33015_ID__tulum_gpolab_bbn_com_133 |
| | 81 | Got reply: |
| | 82 | connection_2=06:d6:00:24:a8:c4:b9:00-->/192.1.249.23:45621-->naxos.gpolab.bbn.com/192.1.249.133:33015 |
| | 83 | connection_1=06:d6:00:12:e2:b8:a5:d0-->/192.1.249.23:45563-->naxos.gpolab.bbn.com/192.1.249.133:33015 |
| | 84 | contact_email=jbs@bbn.com |
| | 85 | controller_hostname=naxos.gpolab.bbn.com |
| | 86 | controller_port=33015 |
| | 87 | creator=fvadmin |
| | 88 | |
| | 89 | +$ fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices | grep jbs16 |
| | 90 | Slice 16: jbs16-naxos-33016_ID__tulum_gpolab_bbn_com_106 |
| | 91 | |
| | 92 | +$ fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo jbs16-naxos-33016_ID__tulum_gpolab_bbn_com_106 |
| | 93 | Got reply: |
| | 94 | connection_2=06:d6:00:24:a8:c4:b9:00-->/192.1.249.23:36076-->naxos.gpolab.bbn.com/192.1.249.133:33016 |
| | 95 | connection_1=06:d6:00:12:e2:b8:a5:d0-->/192.1.249.23:36018-->naxos.gpolab.bbn.com/192.1.249.133:33016 |
| | 96 | contact_email=jbs@bbn.com |
| | 97 | controller_hostname=naxos.gpolab.bbn.com |
| | 98 | controller_port=33016 |
| | 99 | creator=fvadmin |
| | 100 | }}} |
| | 101 | |
| | 102 | Delete those: |
| | 103 | |
| | 104 | {{{ |
| | 105 | +$ fvctl --passwd-file=/etc/flowvisor/fvpasswd deleteSlice jbs16-naxos-33016_ID__tulum_gpolab_bbn_com_106 |
| | 106 | success! |
| | 107 | |
| | 108 | +$ fvctl --passwd-file=/etc/flowvisor/fvpasswd deleteSlice jbs15-naxos-33015_ID__tulum_gpolab_bbn_com_133 |
| | 109 | success! |
| | 110 | }}} |
| | 111 | |
| | 112 | Approve the new FOAM slivers: |
| | 113 | |
| | 114 | {{{ |
| | 115 | +$ slicename=jbs15 ; sliver_urn=$(foamctl list-slivers --passwd-file=/opt/foam/etc/foampasswd | egrep sliver_urn.+$slicename | sed -e 's/ *"sliver_urn": "\(.*\)".*/\1/') ; flowvisor_slice=$(echo $sliver_urn | awk -F : '{print $NF}') |
| | 116 | +$ foamctl approve-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd |
| | 117 | |
| | 118 | +$ slicename=jbs16 ; sliver_urn=$(foamctl list-slivers --passwd-file=/opt/foam/etc/foampasswd | egrep sliver_urn.+$slicename | sed -e 's/ *"sliver_urn": "\(.*\)".*/\1/') ; flowvisor_slice=$(echo $sliver_urn | awk -F : '{print $NF}') |
| | 119 | +$ foamctl approve-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd |
| | 120 | }}} |
| | 121 | |
| | 122 | And voila. |
| | 123 | |
| | 124 | == Slice Authority trust configuration == |
| | 125 | |
| | 126 | You may want to configure FOAM to trust user certificates signed by additional Slice Authorities. To do that, install the CA cert for the Slice Authority in a file in /opt/foam/etc/gcf-ca-certs, and then rebuild the nginx CA cert bundle and restart FOAM and nginx: |
| | 127 | |
| | 128 | {{{ |
| | 129 | sudo foamctl bundle-certs |
| | 130 | sudo service foam restart |
| | 131 | sudo service nginx restart |
| | 132 | }}} |
| | 133 | |
| | 134 | In particular, campus mesoscale deployments may want to trust the pgeni.gpolab.bbn.com SA; you can get the cert from http://www.pgeni.gpolab.bbn.com/ca-cert/pgeni.gpolab.bbn.com.pem. |
