Changes between Version 40 and Version 41 of OpenFlow/FOAM


Ignore:
Timestamp:
02/05/13 14:11:01 (11 years ago)
Author:
Josh Smift
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • OpenFlow/FOAM

    v40 v41  
    2929== System requirements ==
    3030
    31 FOAM is fairly lightweight, and can run on the same system as the FlowVisor that it uses, without additional hardware requirements. You can also run it on a separate system for isolation purposes, e.g. so that if you need to reboot the FOAM server, that doesn't affect FlowVisor.
     31FOAM is fairly lightweight, and can run on the same system as the !FlowVisor that it uses, without additional hardware requirements. You can also run it on a separate system for isolation purposes, e.g. so that if you need to reboot the FOAM server, that doesn't affect !FlowVisor.
    3232
    3333== Version ==
     
    3939== Initial configuration ==
    4040
     41The GPO has a variety of recommendations for configuring FOAM. We strongly encourage GENI sites to do all of these things.
     42
     43=== Administrative e-mail ===
     44
    4145When you install FOAM for the first time (i.e. not an upgrade to an existing installation), you should configure its ability to send you administrative e-mail; those steps are part of the official [https://openflow.stanford.edu/display/FOAM/0.8.x+Install+Guide FOAM 0.8 install guide].
    4246
     47=== Admin password ===
     48
    4349We typically put the FOAM admin password into /etc/foam.passwd, so you don't have to type it every time you run a foamctl command. Make sure that it's only readable by people who should have full admin access to FOAM on your system! (World-readable might be fine if only FOAM admins have accounts on your FOAM server; or you might want to make it only group-readable by a group that includes the FOAM admins.) The examples on the rest of this page assume that you've done that.
    4450
    45 You'll then need to configure FOAM to point to your FlowVisor, which you can do interactively with {{{foamctl config:set-flowvisor-info}}}, or non-interactively like this (with values that work for your installation):
     51=== !FlowVisor configuration ===
     52
     53You'll then need to configure FOAM to point to your !FlowVisor, which you can do interactively with {{{foamctl config:set-flowvisor-info}}}, or non-interactively like this (with values that work for your installation):
    4654
    4755{{{
     
    5058}}}
    5159
     60=== Site tag ===
     61
    5262In order to work smoothly with GENI monitoring, you'll also need to set your site tag to a name that resolves, in DNS, to the system where your FOAM server runs (i.e. the hostname part of the GENI AM API URL). It defaults to the system's FQDN, and that's fine if you don't want to change it. You can also change it to something more abstract, like a CNAME such as "foam.gpolab.bbn.com", which is what we do. To change it, use a command like this, replacing the "value=" part with a good value for your site:
    5363
     
    5666}}}
    5767
    58 You should then install and configure the FOAM monitoring package; we have a separate [wiki:PlasticSlices/MonitoringRecommendations/FoamConfiguration guide] for that.
    59 
    60 Finally, for GENI purposes, we recommend also configuring your admin e-mail (which causes it to show up in sliverstatus), and max lease:
     68=== Monitoring ===
     69
     70You should then install and configure the FOAM monitoring package; we have a separate [wiki:TangoGeniMonitoring/FoamConfiguration guide] for that.
     71
     72For GENI purposes, we recommend also configuring your admin e-mail (which causes it to show up in sliverstatus), and max lease:
    6173
    6274 * The admin e-mail setting should generally be the same address you used when you set up e-mail. We use foam-admin@gpolab.bbn.com (a list with a couple of admins on it) at BBN.
     
    6880foamctl config:set-value --key="site.admin.email" --value="foam-admin@gpolab.bbn.com" --passwd-file=/etc/foam.passwd
    6981foamctl config:set-value --key="geni.max-lease" --value=9000 --passwd-file=/etc/foam.passwd
     82}}}
     83
     84=== Version holding ===
     85
     86Finally, we also recommend telling dpkg to hold FOAM and !FlowVisor at their current versions, so that if you do a general upgrade of all of the packages on your system, they won't get updated along with that, but will only update when you explicitly say so. To do that on Ubunutu:
     87
     88{{{
     89/bin/echo "foam hold" | /usr/bin/dpkg --set-selections
     90/bin/echo "flowvisor hold" | /usr/bin/dpkg --set-selections
    7091}}}
    7192
     
    181202FOAM sends e-mail about new slivers to the FOAM admin e-mail address that you configured when you set up FOAM. If further communication about a sliver request is needed, we copy that address on the e-mail, so that everyone will see it. We also send mail to to that address when we approve or reject the sliver (or if we review the request and we're not sure whether to approve or reject it), so everyone knows who did it.
    182203
    183 If a sliver is automatically approved, FOAM will also send mail when that happens. If the automatic approval fails (e.g. because FlowVisor is down, because the new sliver uses the same controller as an existing sliver, etc), the admin *won't* get mail; https://openflow.stanford.edu/bugs/browse/FOAM-288 is tracking that bug in FOAM.
     204If a sliver is automatically approved, FOAM will also send mail when that happens. If the automatic approval fails (e.g. because !FlowVisor is down, because the new sliver uses the same controller as an existing sliver, etc), the admin *won't* get mail; https://openflow.stanford.edu/bugs/browse/FOAM-288 is tracking that bug in FOAM.
    184205
    185206If a sliver isn't automatically approved, it'll show up in the pending queue, and have pend_reason set to some text explaining why the sliver wasn't automatically approved. There's also a nightly cron job that sends a reminder message to the FOAM admin address about the slivers in the pending queue; you should generally either approve them, reject them, or contact the experimenter if you need more information before making a decision.
     
    348369FOAM's database stores information about the !FlowVisor it manages, including its hostname and password. If you want to change that !FlowVisor's fvadmin password, you need to change it both in FV itself, and also in FOAM.
    349370
    350 === Change the fvadmin password in FlowVisor ===
    351 
    352 First, change the password in Flowvisor. NOTE that this procedure differs depending on whether you're running FV 0.8.1.2 or 0.8.17; only do one of the following!
    353 
    354 For FV 0.8.1.2, use fvconfig; NOTE that this requires an outage, as you need to stop and restart FlowVisor:
    355 
    356 {{{
    357 sudo service flowvisor stop
    358 sudo -u openflow fvconfig chpasswd /etc/flowvisor/config.xml fvadmin
    359 (enter the new password, twice)
    360 sudo service flowvisor start 
    361 }}}
    362 
    363 '''OR'''
    364 
    365 For FV 0.8.17 or later, use fvctl; this does not cause an outage:
     371First, change the password in Flowvisor:
    366372
    367373{{{
     
    370376}}}
    371377
    372 === Update /etc/flowvisor/fvpsaswd ===
    373 
    374 In either case, update /etc/flowvisor.passwd to contain the new password when you're done.
    375 
    376 === Change the fvadmin password in FOAM ===
    377 
    378 Change the password in FOAM:
     378Then update /etc/flowvisor.passwd to contain the new password.
     379
     380Finally, change the password in FOAM:
    379381
    380382{{{