Changes between Version 22 and Version 23 of OpenFlow/FOAM
- Timestamp:
- 07/17/12 11:28:52 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
OpenFlow/FOAM
v22 v23 5 5 FOAM is an OpenFlow aggregate manager, which sites in GENI use to allow experimenters to allocate !OpenFlow resources. 6 6 7 https://openflow.stanford.edu/display/FOAM has more information about FOAM (from the official site at Stanford), including [https://openflow.stanford.edu/display/FOAM/ Install+Guide installation instructions], [https://openflow.stanford.edu/display/FOAM/FAQ a FAQ] with common error messages (for both experimenters and admins), etc.7 https://openflow.stanford.edu/display/FOAM has more information about FOAM (from the official site at Stanford), including [https://openflow.stanford.edu/display/FOAM/0.8.x+Install+Guide installation instructions], [https://openflow.stanford.edu/display/FOAM/FAQ a FAQ] with common error messages (for both experimenters and admins), etc. 8 8 9 9 = Info for experimenters = … … 17 17 == Getting your sliver approved == 18 18 19 If you allocate a shared resource that connects to an !OpenFlow aggregate (e.g. a MyPLC plnode or ProtoGENI host), you'll typically also need to reserve some !OpenFlow resources. When you do this, your reservation request may be held for approval, and a local FOAM admin needs to approve your request before your sliver actually becomes live. You should get e-mail from FOAM when your sliver is created, and another message when it's been approved; if you don't hear back, you may be able to reach a FOAM admin by replying to that message.20 21 Make sure that you also provide a '''valid email address''' in your rspec so that you can get the notifications about status changes of your !OpenFlow sliver. 19 If you allocate a shared resource that connects to an !OpenFlow aggregate (e.g. a MyPLC plnode or ProtoGENI host), you'll typically also need to reserve some !OpenFlow resources. When you do this, your reservation request may be held for approval, in which case a local FOAM admin will need to approve your request before your sliver actually becomes live. You should get e-mail from FOAM when your sliver is created, and another message when it's been approved; if you don't hear back, you may be able to reach a FOAM admin by replying to that message (or to the contact information in the body of the message). 20 21 As of FOAM 0.8, FOAM can read your e-mail address from your slice credential. If that address is valid, then you don't need to include an e-mail address in your rspec, but make sure it is! If it isn't, make sure that you also provide a valid email address in your rspec so that you can get the notifications about status changes of your !OpenFlow sliver. 22 22 23 23 If you're setting up a multi-campus topology, note that your sliver will need to be approved separately at each FOAM aggregate. … … 29 29 == Version == 30 30 31 The GPO currently recommends version 0.6.4 (the latest stable release) for GENI sites. 31 The GPO currently recommends version 0.8.1 (the latest stable release) for GENI sites. There are many changes from 0.8 to 0.6, and we recommend working with the GPO to help the upgrade process go smoothly. Contact us at gpo-infra@geni.net and we'll be happy to help! 32 33 NOTE that much of this page is FOAM 0.8 specific. http://groups.geni.net/geni/wiki/OpenFlow/FOAM?version=22 has the last 0.6 specific version. 32 34 33 35 == Advisories == 34 36 35 37 Here are some things that FOAM admins should be aware of and watch out for. 36 37 === Administrative list-resources blocks other FOAM operations ===38 39 In FOAM 0.6, an administrative list-resources call locks the FOAM database, and thus blocks other FOAM operations. If an experimenter tries to use FOAM while this is happening, they'll get a "database is locked" error; if they retry, it should work. (If the error persists, something else is probably wrong.)40 41 The FOAM monitoring code (from the 'tango-monitor-foam' package) does an administrative list-slivers whenever it runs, and it runs once per minute by default, so there's small window each minute (a second or two) when this can happen.42 43 This issue is being tracked in [https://openflow.stanford.edu/bugs/browse/FOAM-227 JIRA ticket FOAM-227], and should be fixed in FOAM 0.8.44 38 45 39 === Rspecs that include both cross-connect ports === … … 59 53 60 54 We don't currently think that there's a valid use case for an experimenter wanting to specify a match at one layer without specifying the protocol at a lower layer, but will amend this advisory if we encounter one. 55 56 === Administrative list-resources blocks other FOAM operations === 57 58 In FOAM 0.6, an administrative list-resources call locks the FOAM database, and thus blocks other FOAM operations. If an experimenter tries to use FOAM while this is happening, they'll get a "database is locked" error; if they retry, it should work. (If the error persists, something else is probably wrong.) 59 60 The FOAM monitoring code (from the 'tango-monitor-foam' package) does an administrative list-slivers whenever it runs, and it runs once per minute by default, so there's small window each minute (a second or two) when this can happen. 61 62 This issue is fixed in FOAM 0.8. 61 63 62 64 == Sliver approval workflow == … … 85 87 86 88 {{{ 87 foamctl approve-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd89 foamctl geni:approve-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 88 90 }}} 89 91 … … 91 93 92 94 {{{ 93 foamctl reject-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd95 foamctl geni:reject-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 94 96 }}} 95 97 … … 100 102 == Managing FOAM slivers == 101 103 102 https://openflow.stanford.edu/display/FOAM/foamctl+Guide is the official guide to foamctl, and describes in detail everything that it can do. Here are some specific commands that we've found useful for performing common tasks. 104 https://openflow.stanford.edu/display/FOAM/foamctl+Guide is the official guide to foamctl, and describes in detail everything that it can do. (NOTE: As of 2012-07-17, this guide was FOAM 0.6 specific, and marked as a "legacy document". [https://openflow.stanford.edu/bugs/browse/FOAM-160 FOAM-160] is tracking the task of updating it.) 105 106 Here are some specific commands that we've found useful for performing common tasks. 103 107 104 108 These commands all assume that you're running them on the FOAM server, and that you have a file /opt/foam/etc/foampasswd, containing the FOAM admin password. … … 106 110 === Get a list of slivers === 107 111 108 Pending ones :109 110 {{{ 111 foamctl list-slivers -s Pending --passwd-file=/opt/foam/etc/foampasswd112 Pending ones (this is essentially "the queue" of slivers that are awaiting admin action): 113 114 {{{ 115 foamctl geni:list-slivers -s Pending --passwd-file=/opt/foam/etc/foampasswd 112 116 }}} 113 117 … … 115 119 116 120 {{{ 117 foamctl list-slivers --passwd-file=/opt/foam/etc/foampasswd121 foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd 118 122 }}} 119 123 … … 124 128 }}} 125 129 126 (with the actual URN of course), the rest of these commands will then work as-is .130 (with the actual URN of course), the rest of these commands will then work as-is -- or you can find a sliver from a slice name, see below. 127 131 128 132 Deleted ones: 129 133 130 134 {{{ 131 foamctl list-slivers -d --passwd-file=/opt/foam/etc/foampasswd135 foamctl geni:list-slivers --deleted --passwd-file=/opt/foam/etc/foampasswd 132 136 }}} 133 137 … … 137 141 138 142 {{{ 139 foamctl list-slivers --passwd-file=/opt/foam/etc/foampasswd | egrep sliver_urn.+exampleslice143 foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd | egrep sliver_urn.+exampleslice 140 144 }}} 141 145 … … 143 147 144 148 {{{ 145 slicename=exampleslice ; sliver_urn=$(foamctl list-slivers --passwd-file=/opt/foam/etc/foampasswd | egrep sliver_urn.+$slicename | sed -e 's/ *"sliver_urn": "\(.*\)".*/\1/') ; flowvisor_slice=$(echo $sliver_urn | awk -F : '{print $NF}') 146 }}} 149 slicename=exampleslice ; sliver_urn=$(foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd | egrep sliver_urn.+$slicename | sed -e 's/ *"sliver_urn": "\(.*\)".*/\1/') ; flowvisor_slice=$(echo $sliver_urn | awk -F : '{print $NF}') 150 }}} 151 152 Replace "exampleslice" with a string to egrep for. Choose something that's unique to the slice; note that if the string contains egrep regexp type characters, like * or +, you'll need to backslash those. 147 153 148 154 The rest of these commands assume that you've used that (or something similar) to set $sliver_urn. … … 151 157 152 158 {{{ 153 foamctl show-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd159 foamctl geni:show-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 154 160 }}} 155 161 … … 157 163 158 164 {{{ 159 foamctl show-sliver -r -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd165 foamctl geni:show-sliver -r -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 160 166 }}} 161 167 … … 163 169 164 170 {{{ 165 foamctl show-sliver -s -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd171 foamctl geni:show-sliver -s -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 166 172 }}} 167 173 … … 169 175 170 176 {{{ 171 foamctl show-sliver -f -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd177 foamctl geni:show-sliver -f -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 172 178 }}} 173 179 174 180 === Approve a sliver === 175 181 176 This marks a sliver in FOAM as Approved, and adds a FV slice and flowspace rules for it to the !FlowVisor.177 178 {{{ 179 foamctl approve-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd182 This marks a sliver in FOAM as Pending, and adds its FV slice and flowspace rules for it to the !FlowVisor (if it wasn't already). 183 184 {{{ 185 foamctl geni:approve-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 180 186 }}} 181 187 182 188 === Disable a sliver === 183 189 184 This marks a sliver in FOAM as Pending, and removes a FV slice and flowspace rules for it from the !FlowVisor.185 186 {{{ 187 foamctl disable-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd190 This marks a sliver in FOAM as Pending, and removes its FV slice and flowspace rules for it from the !FlowVisor (if there were any). 191 192 {{{ 193 foamctl geni:disable-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 188 194 }}} 189 195 190 196 === Reject a sliver === 191 197 192 This marks a sliver in FOAM as Rejected, and removes a FV slice and flowspace rules for it from the !FlowVisor.193 194 {{{ 195 foamctl reject-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd198 This marks a sliver in FOAM as Rejected, and removes its FV slice and flowspace rules for it from the !FlowVisor (if there were any). 199 200 {{{ 201 foamctl geni:reject-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 196 202 }}} 197 203 198 204 === Delete a sliver === 199 205 200 This disables a sliver, and marks it as deleted, just like the GENI AM API !DeleteSliver call .201 202 {{{ 203 foamctl delete-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd206 This disables a sliver, and marks it as deleted, just like the GENI AM API !DeleteSliver call, and removes its FV slice and flowspace rules for it from the !FlowVisor (if there were any). 207 208 {{{ 209 foamctl geni:delete-sliver -u $sliver_urn --passwd-file=/opt/foam/etc/foampasswd 204 210 }}} 205 211 … … 214 220 oldsliver=<old sliver URN> 215 221 newsliver=<new sliver URN> 216 foamctl show-sliver -s-u $oldsliver --passwd-file=/opt/foam/etc/foampasswd > old.txt217 foamctl show-sliver -s-u $newsliver --passwd-file=/opt/foam/etc/foampasswd > new.txt222 foamctl geni:show-sliver -r -u $oldsliver --passwd-file=/opt/foam/etc/foampasswd > old.txt 223 foamctl geni:show-sliver -r -u $newsliver --passwd-file=/opt/foam/etc/foampasswd > new.txt 218 224 diff -u old.txt new.txt 219 225 }}} … … 221 227 In the case of someone who deleted and then re-created a sliver, you could get the sliver URNs from the e-mail from FOAM, for example. 222 228 223 We use 'show-sliver -s' because '-r' doesn't work at all on deleted slivers; and '-f' includes a priority value for approved slivers but not non-approved slivers, which clutters up the diff.229 You can also use 'geni:show-sliver -s' to show flowspaces instead, which have the advantage of not including any comments or other formatting in the experimenter's rspec, but are a less familiar format for most admins. 224 230 225 231 == Slice Authority trust configuration == … … 228 234 229 235 {{{ 230 sudo foamctl bundle-certs236 sudo foamctl geni:bundle-certs 231 237 sudo service foam restart 232 238 sudo service nginx restart … … 235 241 In particular, GENI mesoscale deployments should trust the pgeni.gpolab.bbn.com SA; the official FOAM installation guide includes this step, or you can get the cert from http://www.pgeni.gpolab.bbn.com/ca-cert/pgeni.gpolab.bbn.com.pem if you need it. 236 242 237 == Changing FlowVisor password in FOAM == 238 239 FOAM's database stores information about FV, including its hostname and password. If you want to change FV's password, you need to change it both in FV itself, and also in FOAM. 240 * Change the password in FlowVisor: this assumes `/etc/flowvisor/config.xml` FlowVisor's config, and is owned by user `openflow`: 241 * Change the password in flowvisor's config: 243 == Changing the !FlowVisor password == 244 245 FOAM's database stores information about the !FlowVisor it manages, including its hostname and password. If you want to change that !FlowVisor's password, you need to change it both in FV itself, and also in FOAM. 246 247 * Change the password in !FlowVisor: this assumes `/etc/flowvisor/config.xml` !FlowVisor's config, and is owned by user `openflow`: 248 * Change the password in !FlowVisor's config: 242 249 {{{ 243 250 $ sudo service flowvisor stop … … 251 258 $ sudo vi /etc/flowvisor/fvpasswd 252 259 }}} 253 * Change the password in FOAM. Future versions of foamctl will support the `config:set-flowvisor-info` command. If you are running foam-0.6.3, that command doesn't exist yet, so you'll need to use a helper script which invokes curl to talk to FOAM: 254 * Copy the script `change_foam_fvinfo.py` from [https://openflow.stanford.edu/display/FOAM/Scripts+for+admins] on your foam 255 * Ask FOAM for the current FlowVisor information, so you can set any fields you do not want to change to the same values again: 256 {{{ 257 $ foamctl get-config --key="flowvisor_info" --passwd-file=/opt/foam/etc/foampasswd 258 { 259 "value": { 260 "passwd": "<old_fv_passwd>", 261 "xmlrpc_port": 8080, 262 "host": "<old_fv_host>", 263 "json_port": 8081 264 } 265 } 266 }}} 267 * Invoke that script to set FOAM's FlowVisor info the same way you would on an initial install: 268 {{{ 269 $ python change_foam_fvinfo.py --passwd-file=/opt/foam/etc/foampasswd 270 FlowVisor Hostname: <old_fv_host> 271 FlowVisor XMLRPC Port [8080]: 272 FlowVisor JSON RPC Port [8081]: 273 fvadmin user password: 274 { 275 "status": "success" 276 } 277 }}} 278 * Restart FOAM: 279 {{{ 280 $ sudo service foam restart 260 * Change the password in FOAM: 261 {{{ 262 foamctl config:set-value --key="flowvisor.passwd" --value="$(cat /etc/flowvisor/fvpasswd)" --passwd-file=/opt/foam/etc/foampasswd 281 263 }}} 282 264