Changes between Version 40 and Version 41 of OpenFlow/FOAM
- Timestamp:
- 02/05/13 14:11:01 (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
OpenFlow/FOAM
v40 v41 29 29 == System requirements == 30 30 31 FOAM is fairly lightweight, and can run on the same system as the FlowVisor that it uses, without additional hardware requirements. You can also run it on a separate system for isolation purposes, e.g. so that if you need to reboot the FOAM server, that doesn't affectFlowVisor.31 FOAM is fairly lightweight, and can run on the same system as the !FlowVisor that it uses, without additional hardware requirements. You can also run it on a separate system for isolation purposes, e.g. so that if you need to reboot the FOAM server, that doesn't affect !FlowVisor. 32 32 33 33 == Version == … … 39 39 == Initial configuration == 40 40 41 The GPO has a variety of recommendations for configuring FOAM. We strongly encourage GENI sites to do all of these things. 42 43 === Administrative e-mail === 44 41 45 When you install FOAM for the first time (i.e. not an upgrade to an existing installation), you should configure its ability to send you administrative e-mail; those steps are part of the official [https://openflow.stanford.edu/display/FOAM/0.8.x+Install+Guide FOAM 0.8 install guide]. 42 46 47 === Admin password === 48 43 49 We typically put the FOAM admin password into /etc/foam.passwd, so you don't have to type it every time you run a foamctl command. Make sure that it's only readable by people who should have full admin access to FOAM on your system! (World-readable might be fine if only FOAM admins have accounts on your FOAM server; or you might want to make it only group-readable by a group that includes the FOAM admins.) The examples on the rest of this page assume that you've done that. 44 50 45 You'll then need to configure FOAM to point to your FlowVisor, which you can do interactively with {{{foamctl config:set-flowvisor-info}}}, or non-interactively like this (with values that work for your installation): 51 === !FlowVisor configuration === 52 53 You'll then need to configure FOAM to point to your !FlowVisor, which you can do interactively with {{{foamctl config:set-flowvisor-info}}}, or non-interactively like this (with values that work for your installation): 46 54 47 55 {{{ … … 50 58 }}} 51 59 60 === Site tag === 61 52 62 In order to work smoothly with GENI monitoring, you'll also need to set your site tag to a name that resolves, in DNS, to the system where your FOAM server runs (i.e. the hostname part of the GENI AM API URL). It defaults to the system's FQDN, and that's fine if you don't want to change it. You can also change it to something more abstract, like a CNAME such as "foam.gpolab.bbn.com", which is what we do. To change it, use a command like this, replacing the "value=" part with a good value for your site: 53 63 … … 56 66 }}} 57 67 58 You should then install and configure the FOAM monitoring package; we have a separate [wiki:PlasticSlices/MonitoringRecommendations/FoamConfiguration guide] for that. 59 60 Finally, for GENI purposes, we recommend also configuring your admin e-mail (which causes it to show up in sliverstatus), and max lease: 68 === Monitoring === 69 70 You should then install and configure the FOAM monitoring package; we have a separate [wiki:TangoGeniMonitoring/FoamConfiguration guide] for that. 71 72 For GENI purposes, we recommend also configuring your admin e-mail (which causes it to show up in sliverstatus), and max lease: 61 73 62 74 * The admin e-mail setting should generally be the same address you used when you set up e-mail. We use foam-admin@gpolab.bbn.com (a list with a couple of admins on it) at BBN. … … 68 80 foamctl config:set-value --key="site.admin.email" --value="foam-admin@gpolab.bbn.com" --passwd-file=/etc/foam.passwd 69 81 foamctl config:set-value --key="geni.max-lease" --value=9000 --passwd-file=/etc/foam.passwd 82 }}} 83 84 === Version holding === 85 86 Finally, we also recommend telling dpkg to hold FOAM and !FlowVisor at their current versions, so that if you do a general upgrade of all of the packages on your system, they won't get updated along with that, but will only update when you explicitly say so. To do that on Ubunutu: 87 88 {{{ 89 /bin/echo "foam hold" | /usr/bin/dpkg --set-selections 90 /bin/echo "flowvisor hold" | /usr/bin/dpkg --set-selections 70 91 }}} 71 92 … … 181 202 FOAM sends e-mail about new slivers to the FOAM admin e-mail address that you configured when you set up FOAM. If further communication about a sliver request is needed, we copy that address on the e-mail, so that everyone will see it. We also send mail to to that address when we approve or reject the sliver (or if we review the request and we're not sure whether to approve or reject it), so everyone knows who did it. 182 203 183 If a sliver is automatically approved, FOAM will also send mail when that happens. If the automatic approval fails (e.g. because FlowVisor is down, because the new sliver uses the same controller as an existing sliver, etc), the admin *won't* get mail; https://openflow.stanford.edu/bugs/browse/FOAM-288 is tracking that bug in FOAM.204 If a sliver is automatically approved, FOAM will also send mail when that happens. If the automatic approval fails (e.g. because !FlowVisor is down, because the new sliver uses the same controller as an existing sliver, etc), the admin *won't* get mail; https://openflow.stanford.edu/bugs/browse/FOAM-288 is tracking that bug in FOAM. 184 205 185 206 If a sliver isn't automatically approved, it'll show up in the pending queue, and have pend_reason set to some text explaining why the sliver wasn't automatically approved. There's also a nightly cron job that sends a reminder message to the FOAM admin address about the slivers in the pending queue; you should generally either approve them, reject them, or contact the experimenter if you need more information before making a decision. … … 348 369 FOAM's database stores information about the !FlowVisor it manages, including its hostname and password. If you want to change that !FlowVisor's fvadmin password, you need to change it both in FV itself, and also in FOAM. 349 370 350 === Change the fvadmin password in FlowVisor === 351 352 First, change the password in Flowvisor. NOTE that this procedure differs depending on whether you're running FV 0.8.1.2 or 0.8.17; only do one of the following! 353 354 For FV 0.8.1.2, use fvconfig; NOTE that this requires an outage, as you need to stop and restart FlowVisor: 355 356 {{{ 357 sudo service flowvisor stop 358 sudo -u openflow fvconfig chpasswd /etc/flowvisor/config.xml fvadmin 359 (enter the new password, twice) 360 sudo service flowvisor start 361 }}} 362 363 '''OR''' 364 365 For FV 0.8.17 or later, use fvctl; this does not cause an outage: 371 First, change the password in Flowvisor: 366 372 367 373 {{{ … … 370 376 }}} 371 377 372 === Update /etc/flowvisor/fvpsaswd === 373 374 In either case, update /etc/flowvisor.passwd to contain the new password when you're done. 375 376 === Change the fvadmin password in FOAM === 377 378 Change the password in FOAM: 378 Then update /etc/flowvisor.passwd to contain the new password. 379 380 Finally, change the password in FOAM: 379 381 380 382 {{{