
Commit 0164770

author
aginwala
committed
Enable ssl for scale test which includes:
1. HVs ovn-controller talk to southbound db via ssl on port 6642 2. Starting and setting of southbound and northbound dbs with pssl on ports 6642 and 6641 respectively. 3. Set inactivity_probe=0 on southbound db to avoid ssl connection errors if more HVs or ports are getting added.
1 parent 4858ea6 commit 0164770


5 files changed

+121
-41
lines changed


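--- a/rally_ovs/plugins/ovs/deployment/engines/ovn_sandbox_controller.py
+++ b/rally_ovs/plugins/ovs/deployment/engines/ovn_sandbox_controller.py
@@ -98,13 +98,18 @@ def deploy(self):
 ovs_user = self.config.get("ovs_user", OVS_USER)
 ovs_controller_cidr = self.config.get("controller_cidr")
 net_dev = self.config.get("net_dev", "eth0")
+ssl = self.config.get("enable_ssl", False)
 
 # start ovn controller with non-root user
 ovs_server = get_updated_server(server, user=ovs_user)
-
-cmd = "./ovs-sandbox.sh --controller --ovn \
---controller-ip %s --device %s;" % \
-(ovs_controller_cidr, net_dev)
+if ssl:
+cmd = "./ovs-sandbox.sh --controller --ovn \
+--controller-ip %s --device %s --ssl;" % \
+(ovs_controller_cidr, net_dev)
+else:
+cmd = "./ovs-sandbox.sh --controller --ovn \
+--controller-ip %s --device %s;" % \
+(ovs_controller_cidr, net_dev)
 
 if install_method == "docker":
 LOG.info("Do not run ssh; deployed by ansible-docker")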
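Review bot: The two branches added in deploy() build the same command and differ only in the `--ssl` token, so one copy can drift from the other on the next option change; the same duplication is added in `_create_sandbox` in rally_ovs/plugins/ovs/scenarios/sandbox.py. Build the string once and append the flag: `ssl_opt = " --ssl" if ssl else ""` followed by `cmd = "./ovs-sandbox.sh --controller --ovn --controller-ip %s --device %s%s;" % (ovs_controller_cidr, net_dev, ssl_opt)`. The local name `ssl` is also the name of the standard-library module; `enable_ssl` would match the config key and avoid confusion. deploy() starts and ends outside the hunk.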
8.71 KB
Binary file not shown.

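--- a/rally_ovs/plugins/ovs/deployment/engines/ovs/ovs-sandbox.sh
+++ b/rally_ovs/plugins/ovs/deployment/engines/ovs/ovs-sandbox.sh
@@ -105,6 +105,8 @@ Other options:
 --cleanup=SANDBOX Cleanup the sandbox
 --cleanup-all Cleanup all sandboxes
 --graceful Graceful cleanup/stop sandbox
+--ssl Enable ssl
+
 EOF
 exit 0
 ;;
@@ -169,6 +171,9 @@ EOF
 -D|--device)
 prev=device
 ;;
+--ssl)
+enable_ssl=true
+;;
 -*)
 echo "unrecognized option $option (use --help for help)" >&2
 exit 1
@@ -650,31 +655,67 @@ OVN_SB_DB=unix:$sandbox/db-sb.sock; export OVN_SB_DB
 EOF
 . $sandbox_name/sandbox.rc
 
-# Northbound db server
-prog_name='ovsdb-server-nb'
-run_service $prog_name ovsdb-server --detach --no-chdir \
---pidfile=$prog_name.pid \
---unixctl=$prog_name.ctl \
--vconsole:off -vsyslog:off -vfile:info \
---log-file=$prog_name.log \
---remote=p$OVN_NB_DB \
-conf-nb.db ovnnb.db
-pid=`cat $sandbox_name/$prog_name.pid`
-mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
-
-# Southbound db server
-prog_name='ovsdb-server-sb'
-run_service $prog_name ovsdb-server --detach --no-chdir \
---pidfile=$prog_name.pid \
---unixctl=$prog_name.ctl \
--vconsole:off -vsyslog:off -vfile:info \
---log-file=$prog_name.log \
---remote="p$OVN_SB_DB" \
---remote=db:Open_vSwitch,Open_vSwitch,manager_options \
-conf-sb.db ovnsb.db
-pid=`cat $sandbox_name/$prog_name.pid`
-mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
 
+if $enable_ssl ; then
+# Northbound db server
+prog_name='ovsdb-server-nb'
+run_service $prog_name ovsdb-server --detach --no-chdir \
+--pidfile=$prog_name.pid \
+--unixctl=$prog_name.ctl \
+-vconsole:off -vsyslog:off -vfile:info \
+--log-file=$prog_name.log \
+--remote=db:OVN_Northbound,NB_Global,connections \
+--private-key=db:OVN_Northbound,SSL,private_key \
+--certificate=db:OVN_Northbound,SSL,certificate \
+--ca-cert=db:OVN_Northbound,SSL,ca_cert \
+--ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols \
+--ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers \
+--remote=p$OVN_NB_DB ovnnb.db
+pid=`cat $sandbox_name/$prog_name.pid`
+mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
+
+# Southbound db server
+prog_name='ovsdb-server-sb'
+run_service $prog_name ovsdb-server --detach --no-chdir \
+--pidfile=$prog_name.pid \
+--unixctl=$prog_name.ctl \
+-vconsole:off -vsyslog:off -vfile:info \
+--log-file=$prog_name.log \
+--remote=db:OVN_Southbound,SB_Global,connections \
+--private-key=db:OVN_Southbound,SSL,private_key \
+--certificate=db:OVN_Southbound,SSL,certificate \
+--ca-cert=db:OVN_Southbound,SSL,ca_cert \
+--ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols \
+--ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers \
+--remote=p$OVN_SB_DB ovnsb.db
+pid=`cat $sandbox_name/$prog_name.pid`
+mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
+else
+# Northbound db server
+prog_name='ovsdb-server-nb'
+run_service $prog_name ovsdb-server --detach --no-chdir \
+--pidfile=$prog_name.pid \
+--unixctl=$prog_name.ctl \
+-vconsole:off -vsyslog:off -vfile:info \
+--log-file=$prog_name.log \
+--remote=p$OVN_NB_DB \
+conf-nb.db ovnnb.db
+pid=`cat $sandbox_name/$prog_name.pid`
+mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
+
+# Southbound db server
+prog_name='ovsdb-server-sb'
+run_service $prog_name ovsdb-server --detach --no-chdir \
+--pidfile=$prog_name.pid \
+--unixctl=$prog_name.ctl \
+-vconsole:off -vsyslog:off -vfile:info \
+--log-file=$prog_name.log \
+--remote="p$OVN_SB_DB" \
+--remote=db:Open_vSwitch,Open_vSwitch,manager_options \
+conf-sb.db ovnsb.db
+pid=`cat $sandbox_name/$prog_name.pid`
+mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
+fi
 fi
 else
 touch "$sandbox"/.conf.db.~lock~
@@ -694,19 +735,35 @@ EOF
 
 # Initialize database.
 if $controller ; then
-init_ovsdb_server "ovsdb-server-nb" $OVN_NB_DB
-init_ovsdb_server "ovsdb-server-sb" $OVN_SB_DB
+if $enable_ssl ; then
+tar -xzvf certs.tar.gz
+abs_path=`pwd`/certs
+ovn-nbctl set-ssl $abs_path/ovnnb-privkey.pem $abs_path/ovnnb-cert.pem \
+$abs_path/cacert.pem
+ovn-nbctl set-connection pssl:6641:127.0.0.1
+ovn-sbctl set-ssl $abs_path/ovnsb-privkey.pem $abs_path/ovnsb-cert.pem \
+$abs_path/cacert.pem
+ovn-sbctl set-connection pssl:6642:$CON_IP
+ovn-sbctl set conn . inactivity_probe=0
+else
+init_ovsdb_server "ovsdb-server-nb" $OVN_NB_DB
+init_ovsdb_server "ovsdb-server-sb" $OVN_SB_DB
 
-ovs-vsctl --db=$OVN_SB_DB --no-wait \
--- set open_vswitch . manager_options=@uuid \
--- --id=@uuid create Manager target="$OVSDB_REMOTE" inactivity_probe=0
+ovs-vsctl --db=$OVN_SB_DB --no-wait \
+-- set open_vswitch . manager_options=@uuid \
+-- --id=@uuid create Manager target="$OVSDB_REMOTE" inactivity_probe=0
+fi
 
 else
 init_ovsdb_server "ovsdb-server" unix:"$sandbox"/db.sock
 run ovs-vsctl --no-wait set open_vswitch . system-type="sandbox"
 
 if $ovn ; then
-OVN_REMOTE="tcp:$CON_IP:6640"
+if $enable_ssl ; then
+OVN_REMOTE="ssl:$CON_IP:6642"
+else
+OVN_REMOTE="tcp:$CON_IP:6640"
+fi
 
 ip_addr_add $host_ip $device
 SANDBOX_BIND_IP=$host_ip
@@ -756,9 +813,19 @@ function start_ovn {
 --ovnsb-db=$OVN_SB_DB
 else
 if $ovn ; then
-run_service ovn-controller ovn-controller --detach --no-chdir \
---pidfile \
--vconsole:off -vsyslog:off -vfile:info --log-file
+if [$enable_ssl = true]; then
+tar -xzvf certs.tar.gz
+abs_path=`pwd`/certs
+run_service ovn-controller ovn-controller \
+--private-key=$abs_path/ovn-controller-privkey.pem \
+--certificate=$abs_path/ovn-controller-cert.pem \
+--ca-cert=$abs_path/cacert.pem --detach --no-chdir \
+--pidfile -vconsole:off -vsyslog:off -vfile:info --log-file
+else
+run_service ovn-controller ovn-controller --detach --no-chdir \
+--pidfile \
+-vconsole:off -vsyslog:off -vfile:info --log-file
+fi
 fi
 fi
 }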
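Review bot: In start_ovn the added test `if [$enable_ssl = true]; then` has no spaces inside the brackets, so the shell tries to run a command named `[true`, the test fails, and the `else` branch starts ovn-controller without `--private-key`, `--certificate` or `--ca-cert` even when `--ssl` was passed. Since the earlier hunk points `OVN_REMOTE` at `ssl:$CON_IP:6642`, that controller has no key material for the handshake and the hypervisor will not join over SSL. Use the form the other hunks already use, `if $enable_ssl ; then`, or `if [ "$enable_ssl" = true ]; then`. No `enable_ssl=false` default is visible in these hunks; if none exists elsewhere in the script, `if $enable_ssl` expands to an empty command, which succeeds, and the SSL branch is taken without `--ssl`, so the default should sit with the other option defaults. start_ovn begins outside the hunk.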

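--- a/rally_ovs/plugins/ovs/deployment/sandbox.py
+++ b/rally_ovs/plugins/ovs/deployment/sandbox.py
@@ -73,6 +73,7 @@ def _install_ovs(self, server):
 ovs_server = get_updated_server(server, user=ovs_user)
 self._put_file(ovs_server, "install.sh")
 self._put_file(ovs_server, "ovs-sandbox.sh")
+self._put_file(ovs_server, "certs.tar.gz")
 
 
 cmds = []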
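Review bot: The added `self._put_file(ovs_server, "certs.tar.gz")` copies the archive to every host whether or not `enable_ssl` is set, and ovs-sandbox.sh in this commit reads `ovnnb-privkey.pem`, `ovnsb-privkey.pem` and `ovn-controller-privkey.pem` out of it, so the private keys appear to ship with the repository (presumably the binary file added in this commit). Keys readable by anyone with the repository give encryption on the wire but no meaningful peer authentication, which is acceptable for a scale test and nowhere else. I would put a comment on this line such as `# test-only certs bundled with the repo; do not reuse outside the scale-test lab`, copy the archive only when SSL is enabled, and consider generating the PKI per deployment instead. The script also extracts the keys with `tar -xzvf` under the default umask, so tightening the key files to owner-only after extraction is worth adding there. _install_ovs continues outside the hunk.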

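--- a/rally_ovs/plugins/ovs/scenarios/sandbox.py
+++ b/rally_ovs/plugins/ovs/scenarios/sandbox.py
@@ -126,6 +126,7 @@ def _create_sandbox(self, sandbox_create_args):
 start_cidr = sandbox_create_args.get("start_cidr")
 net_dev = sandbox_create_args.get("net_dev", "eth0")
 tag = sandbox_create_args.get("tag", "")
+ssl = sandbox_create_args.get("enable_ssl", False)
 
 LOG.info("-------> Create sandbox method: %s" % self.install_method)
 install_method = self.install_method
@@ -159,10 +160,16 @@ def _create_sandbox(self, sandbox_create_args):
 
 cmds = []
 for host_ip in host_ip_list:
-cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
---host-ip %s/%d --device %s" % \
-(controller_ip, host_ip, sandbox_cidr.prefixlen,
-net_dev)
+if ssl:
+cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
+--host-ip %s/%d --device %s --ssl" % \
+(controller_ip, host_ip, sandbox_cidr.prefixlen,
+net_dev)
+else:
+cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
+--host-ip %s/%d --device %s" % \
+(controller_ip, host_ip, sandbox_cidr.prefixlen,
+net_dev)
 cmds.append(cmd)
 
 sandboxes["sandbox-%s" % host_ip] = tag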
