SDNRM_configuration
Disclaimer: The following configuration manual assumes that installation of the whole software has been done according to the installation manual.
The configuration file is located at `optin_manager/src/python/openflow/optin_manager/localsettings.py`.

FLAG | Values | Comments |
---|---|---|
SITE_DOMAIN | String | SDN RM (Opt-in) host domain name |

FLAG | Values | Comments |
---|---|---|
ROOT_USERNAME | String | SDN RM (Opt-in)'s root username (Note: this does not create a superuser account in Django. You will be requested to do that in the last step of the installation) |
ROOT_PASSWORD | String | SDN RM (Opt-in)'s root password |
ROOT_EMAIL | String | SDN RM (Opt-in)'s root email. This mail will be used to send notifications |

FLAG | Values | Comments |
---|---|---|
DATABASE_USER | String | MySQL username |
DATABASE_PASSWORD | String | MySQL password |
DATABASE_HOST | String | MySQL host (e.g. 127.0.0.1) |
DATABASE_NAME | String | Opt-in database name. |

From the Manage Website button two actions should be performed:
- Set Clearinghouse: This sets the username/password which the Clearinghouse (Expedient) will use to authenticate against Opt-in Manager when it uses the XMLRPC interface. Just set:
  - Username
  - Password

  Remember the previous data to set the username and password for the RM in Expedient.
- Set FlowVisor: This sets the parameters required to communicate with the FlowVisor:
  - FV Name: Name to identify this FlowVisor instance.
  - Username: Username to use to access the FlowVisor (set during FlowVisor installation)
  - Password: Password to use to access the FlowVisor (set during FlowVisor installation)
  - Server URL: URL of the FlowVisor's XMLRPC interface. It should be `https://DOMAIN_NAME:PORT/xmlrpc/`, default port is 8080. Notice that `DOMAIN_NAME` can be an IP address as long as it matches the certificate's Common Name of the server where FlowVisor is running.
  - Verify Certificates?: Do not set.

If properly configured, SDN RM (Opt-in manager) will send an email to the root email once a new request comes from the Expedient.
Starting from release 0.8, SDN RM (Opt-in manager) can be configured to:
- Automatically negotiate a VLAN for slices that span several domains
- Automatically approve FlowSpace requests
To get to the options, go to Manage Website > Auto-Approve Settings. Once in the page, choose "Approve all requests" in the dropdown list and check one or both "Grant VLANs automatically" and "Approve Flowspace automatically".
- Grant VLANs automatically: automatically establishes a connection against other OF AMs involved in the experiment.
- Approve Flowspace automatically: in conjunction with the previous option, it allows the FlowSpace to be approved automatically at the island.
If the automatic approval has not been enabled on the island, FlowSpace requests must be handled manually. Requests coming from Expedient do NOT appear on the "Request list". To see them you have to go to Administrate Flowspace > Add rule.
In order to advertise the resources of your island in an appropriate manner, you should change the `HRN` setting in the file `optin_manager/src/python/openflow/optin_manager/geni/v3/settings/optin.py` as follows:

```
HRN = "ocf.<your_organization_name_in_lowercase>"  # Example: "ocf.i2cat"
```

Finally, restart Apache. If you have RO deployed in your island and it has run at least once, you should delete the SDNRM resources inside RO's database. In a console, write the following:

```
mongo
> use felix_ro
> db.resource.of.node.drop()
> db.resource.of.link.drop()
> exit
```

After that, and assuming that CRM resources are deleted as well, you may restart the RO.
The last step of the configuration relates to the management of the clients that are allowed to communicate with the GENIv3 API of your resource managers (RMs). Both SDN RM and C RM need to authorise the certificate of the clearinghouse that issues the credentials of the client you want to allow. This certificate can be found in `~/.gcf/ch-cert.pem` if you are using the GENI Control Framework and Clearinghouse.

Note 1: in the first stages of deployment, every FELIX island will use the same certificates (and respective keys) for ClearingHouse and user Alice. Request such certificates and place them in `~/.gcf/ch-cert.pem` (`~/.gcf/ch-key.pem`), `~/.gcf/trusted_roots/ch-cert.pem`, `~/.gcf/trusted_roots/CATedCACerts.pem` and `~/.gcf/alice-cert.pem` (`~/.gcf/alice-key.pem`), respectively. If using RMs that request to have a copy of the client or peer certificate to be trusted, place the Clearinghouse certificate under their respective folders (see below for SDN RM).

Enabling a specific peer is achieved in two steps:
- Add the certificate of the client's clearinghouse in the RM
  - Add it as a new `.gid` file (you pick the name) to the `trusted_roots` folder: `cp -p ~/.gcf/ch-cert.pem <path_to_ocf>/optin_manager/src/python/openflow/optin_manager/geni/v3/trusted_roots/felix-<organisation>.gid`
  - Note: ensure that this file is unique, i.e. not previously saved under another name or coincident
- Append the certificate of the client's clearinghouse in the Apache SSL
  - Append it to the end of the `/etc/apache2/ssl.crt/ca_clients.crt` file
  - Restart Apache
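
The two steps above as an added shell example (not part of the OCF code base): `trust_peer` copies the clearinghouse certificate into `trusted_roots` only if the same certificate is not already there under another name, and appends it to the Apache bundle only if it is absent. The function names, return codes and the comparison by PEM body are assumptions of this example; all paths are passed in as arguments.

```shell
#!/bin/sh
# Added example, not OCF code. cert_bodies FILE prints one line per PEM
# certificate: its base64 body with whitespace removed, so the same
# certificate compares equal whatever the file name or line wrapping.
cert_bodies() {
    awk '/-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
         /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
         inside { gsub(/[ \t\r]/, ""); body = body $0 }' "$1"
}

# trust_peer CH_CERT TRUSTED_ROOTS_DIR APACHE_CA_BUNDLE GID_NAME  (hypothetical helper)
# Returns 0 when the certificate is trusted afterwards, 1 on a file-name
# clash, 2 when CH_CERT does not hold exactly one certificate.
trust_peer() {
    tp_cert=$1 tp_roots=$2 tp_bundle=$3 tp_gid=$2/$4.gid
    [ -r "$tp_cert" ] || { echo "cannot read $tp_cert" >&2; return 2; }
    tp_body=$(cert_bodies "$tp_cert")
    [ "$(printf '%s' "$tp_body" | grep -c .)" -eq 1 ] || {
        echo "$tp_cert must hold exactly one certificate" >&2; return 2; }

    # Step 1: add the .gid file unless this certificate is already present
    # under any name in trusted_roots.
    tp_dup=
    for tp_f in "$tp_roots"/*.gid; do
        [ -e "$tp_f" ] || continue
        if cert_bodies "$tp_f" | grep -Fqx -- "$tp_body"; then tp_dup=$tp_f; break; fi
    done
    if [ -n "$tp_dup" ]; then
        echo "already trusted as $tp_dup" >&2
    elif [ -e "$tp_gid" ]; then
        echo "$tp_gid exists and holds a different certificate" >&2; return 1
    else
        cp -p "$tp_cert" "$tp_gid"
    fi

    # Step 2: append to the Apache client-CA bundle only if absent.
    if [ -f "$tp_bundle" ] && cert_bodies "$tp_bundle" | grep -Fqx -- "$tp_body"; then
        echo "already in $tp_bundle" >&2
    else
        # Keep PEM markers on separate lines if the bundle lacks a final newline.
        [ ! -s "$tp_bundle" ] || [ -z "$(tail -c 1 "$tp_bundle")" ] || echo >> "$tp_bundle"
        cat "$tp_cert" >> "$tp_bundle"
    fi
}
```

Call it with the paths from the two steps, for example `trust_peer ~/.gcf/ch-cert.pem <path_to_ocf>/optin_manager/src/python/openflow/optin_manager/geni/v3/trusted_roots /etc/apache2/ssl.crt/ca_clients.crt felix-<organisation>`, then restart Apache.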