Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

If user wants to create an SSL connection with the controller in PicOS switch, please follow the following steps:

# Switch

root@PicOS-OVS#sudo apt-get install openssl 

Reading package lists... Done

Building dependency tree       

Reading state information... Done

Suggested packages:

  ca-certificates

The following NEW packages will be installed:

  openssl

0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.

Need to get 696 kB of archives.

After this operation, 1070 kB of additional disk space will be used.

WARNING: The following packages cannot be authenticated!

  openssl

Authentication warning overridden.

Get:1 http://ftp.debian.org/debian/ stable/main openssl powerpc 1.0.1e-2 [696 kB]

Fetched 696 kB in 5s (131 kB/s)   

Selecting previously unselected package openssl.

(Reading database ... 17049 files and directories currently installed.)

Unpacking openssl (from .../openssl_1.0.1e-2_powerpc.deb) ...

Processing triggers for man-db ...

Setting up openssl (1.0.1e-2) ...

root@PicOS-OVS#ovs-pki init

/ovs/bin/ovs-pki: /ovs/var/lib/openvswitch/pki already exists and --force not specified

root@PicOS-OVS#ovs-pki init --force

Creating controllerca...

Creating switchca...

root@PicOS-OVS#cd /ovs/var/lib/openvswitch/pki/controllerca

root@PicOS-OVS#ovs-pki req+sign ctl controller

ctl-req.pem     Mon Jan 13 03:26:05 UTC 2014

        fingerprint 1cbf63b21301f33d9b4aa30540bff492f15bced3

root@PicOS-OVS#ls

ca.cnf      careq.pem  crl        ctl-cert.pem     ctl-req.pem  index.txt.attr      index.txt.old  private  serial.old

cacert.pem  certs      crlnumber  ctl-privkey.pem  index.txt    index.txt.attr.old  newcerts       serial

root@PicOS-OVS#ls ctl-privkey.pem ctl-cert.pem

ctl-cert.pem  ctl-privkey.pem

root@PicOS-OVS#cd /ovs/var/lib/openvswitch/pki/switchca

root@PicOS-OVS#ovs-pki req+sign sc switch

sc-req.pem      Mon Jan 13 03:26:54 UTC 2014

        fingerprint 65ed449bee94b8e7b8ba7da6f6584afd2f9cc2fb

root@PicOS-OVS#ls sc-privkey.pem sc-cert.pem

sc-cert.pem  sc-privkey.pem

root@PicOS-OVS#

root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/controllerca/ctl-cert.pem 10.10.50.41:/home/build                  

The authenticity of host '10.10.50.41 (10.10.50.41)' can't be established.

ECDSA key fingerprint is e6:04:3b:c8:24:36:c7:dd:c1:06:6a:69:e2:3b:82:2f.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.10.50.41' (ECDSA) to the list of known hosts.

root@10.10.50.41's password: 

ctl-cert.pem                                                                                                               100% 4063     4.0KB/s   00:00    

root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/controllerca/ctl-privkey.pem 10.10.50.41:/home/build

root@10.10.50.41's password: 

ctl-privkey.pem                                                                                                            100% 1675     1.6KB/s   00:00    

root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/switchca/cacert.pem 10.10.50.41:/home/build

root@10.10.50.41's password: 

cacert.pem                                                                                                                 100% 4028     3.9KB/s   00:00    

root@PicOS-OVS#ovs-vsctl set-ssl /ovs/var/lib/openvswitch/pki/switchca/sc-privkey.pem /ovs/var/lib/openvswitch/pki/switchca/sc-cert.pem /ovs/var/lib/openvswitch/pki/controllerca/cacert.pem

root@PicOS-OVS#ovs-vsctl  del-br br0

ovs-vsctl: no bridge named br0

root@PicOS-OVS#ovs-vsctl  add-br br0 -- set bridge br0 datapath_type=pica8

root@PicOS-OVS#ovs-vsctl  set-controller br0 ssl:10.10.50.41:6633

root@PicOS-OVS#

 

# Controllr

root@dev-41:/home/build# ryu-manager --ctl-privkey ./ctl-privkey.pem --ctl-cert ./ctl-cert.pem --ca-certs ./cacert.pem --verbose 

loading app ryu.controller.ofp_handler

instantiating app ryu.controller.ofp_handler of OFPHandler

BRICK ofp_event

  CONSUMES EventOFPPortDescStatsReply

  CONSUMES EventOFPSwitchFeatures

  CONSUMES EventOFPErrorMsg

  CONSUMES EventOFPEchoRequest

  CONSUMES EventOFPHello

connected socket:<eventlet.green.ssl.GreenSSLSocket object at 0x9f1ebfc> address:('10.10.50.155', 48508)

hello ev <ryu.controller.ofp_event.EventOFPHello object at 0x9ecf1ec>

move onto config mode

switch features ev version: 0x4 msg_type 0x6 xid 0xa2f1cf23 OFPSwitchFeatures(auxiliary_id=0,capabilities=7,datapath_id=7461368339596857098L,n_buffers=256,n_tables=254)

move onto main mode