forked from GlobalNOC/OESS
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
315 lines (213 loc) · 14.6 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
OESS - Open Exchange Software Suite
https://globalnoc.github.io/OESS/
Copyright 2011 Trustees of Indiana University AND University Corporation for Advanced Internet Development (UCAID d.b.a. Internet2)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
1. What is OESS
OESS is an application to configure and control OpenFlow Enabled switches
through a very simple and user friendly User Interface. OESS provides
sub-second circuit provisioning, automatic failover, per-interface permissions,
and automatic per-Vlan statistics.
2. Requirements
OESS requires several packages to work, the core is built on Apache, and MySQL
howevever there are several other packages needed. One of which is SNAPP collector.
3. Installation
OESS is easy to setup, with our provided oess_setup.pl script. This script
(installed in /usr/bin/oess_setup.pl via RPM) takes a user step by step to
get base OESS configuration up and running. Once the base installation is
complete the rest of the configuration is done through the Administrator
Interface located (http://localhost/oess/admin/admin_index.cgi). This UI
allows for the creation of new users, the acceptance of new Nodes and links
and the setup and configuration of workgroups.
To start the OESS services, there is an init script /etc/init.d/oess that should
start all of the individual pieces of OESS in the proper order.
OESS needs a few ports to be able to operator
6633 - OpenFlow protocol
443/80 - Apache/SSL
4. Administration
The Admin UI provides the ability to control almost every aspect of the OESS
software. Including users, workgroups, ports, nodes, and links. Any
user that can reach the administrative UI can make any changes. This should
be locked down to allowed users, through use of a different HTPASSWD file
or a different authentication mechanism. Once this is done, users can be
added and put into workgroups. The workgroups allow permissions to be assigned
to users as groups instead of individuals. This way an entity can have multiple
people with the same permissions. Workgroups are given access to individual
interfaces on devices. Any workgroup can provision over trunk interfaces.
Once a user and workgroup are configured, the network devices need to be approved.
This depends on the network devices being configured to talk to the openflow
controller now running on the host. If the devices are talking to the controller
then they will appear in the Discovery section of the admin UI. Clicking a row
in under the devices table, allows the user to set the device name, and set a lat
and longitude. Once the device is confirmed, any links detected between other
confirmed devices will appear in the links table. Select a row in the Links table
to approve a link for usage. Once all of the devices and links have been confirmed
the available non-trunk interfaces for the devices will appear in the Workgroups
add Edge Port page. Add any ports to the workgroup to allow that group to provision
any circuits.
5. Configuration
IF YOU RAN THE oess_setup.pl SCRIPT SKIP THIS SECTION!
If you do not use the oess_setup.pl script then manual configuration must occur.
First you need a mysql instance running, and need to create an OESS mysql user
and set the password, finally create the database named (oess?) and do a grant
all on oess.* to your oess user.
Once the OESS user is installed and granted privileges on the OESS Database,
you can now install the schema. The schema will be located with the OESS::Database
perl module. It will be called nddi.sql. Import the schema into your mysql instance.
Once the OESS schema is installed, you need to set a few bits of information, for example
it needs a local network/domain. This needs to be inserted into the network table, and
the is_local bit needs to be set to 1.
At this point in time the OESS database is all set, but the OESS configuration is not done.
OESS needs to know how to talk to the database, the configuration file that contains this
information needs to be located in /etc/oess/database.xml this configuration file should
contain all of the information on how to connect to the mysql database, and oscars
configuration details. The config file should look like this...
<config version="0.1" snapp_config_location="/SNMP/snapp/snapp_config.xml">
<credentials type="mysql" database="oess" username="oess-rw" password="secret"></credentials>
<oscars host="https://localhost" cert="/path/to/mycert.crt" key="/path/to/mykey.key"
topo="http://ndb7.net.internet2.edu:8012/perfSONAR_PS/services/topology"/>
</config>
At this point OESS is configured, but services like SNAPP are not. To set them up, you'll need
to first set up the snapp database. The SQL file for this will be located in /usr/share/oess-core/
and will be called snapp.mysql.sql. Insert it into a database called snapp. If you don't already,
create a user called snapp for the database, and within SQL, run:
`GRANT ALL PRIVILEGES ON snapp.* to 'snapp'\@'localhost'`
Afterwards, you will need to go and create a config file for SNAPP. Run these commands:
`/bin/mkdir -p /SNMP/snapp`
Then with your favorite text editor, create an xml file at this location:
`/SNMP/snapp/snapp_config.xml`
Add this in there for the configuration. Don't forget to replace the password field with your database password!
<snapp-config>
<db type="mysql" name="snapp" username="snapp" password="$snapp_pass" port="3306" host="localhost" collection_class_name="PerVlanPerInterface">
</db>
<control port="9967" enable_password="control-caos"></control>
</snapp-config>
Now, for SNAPP to be of any use to you, you will need to set up a location for the rrd files. To set that up, run these commands.
`/bin/mkdir /SNMP/snapp/db/`
`/bin/chown _snapp:_snapp /SNMP/snapp/db/ -R`
Now, open up MYSQL and run these commands:
`use snapp`
`update global set value = '/SNMP/snapp/db/' where name = 'rrddir'`
For the next command, replace the ? with the interval you want OESS to collect VLAN per Interface statistics. (By default, oess_setup.pl will set this to 10)
`insert into collection_class (name,description,collection_interval,default_cf,default_class) VALUES ('PerVlanPerInterface','FlowStats',?,'AVERAGE',0)`
Take note of the id created from the last command. You'll need it in the next step.
Run this command:
`select * from oid_collection where name = 'in-octets' or name = 'out-octets' or name = 'in-packets' or name = 'out-packets'`
Several rows should be returned to you. For each row returned, do an insert command like so:
`insert into oid_collection_class_map (collection_class_id,oid_collection_id,order_val,ds_name) VALUES (<collection_class_id_I_told_you_to_get_above>,<oid_collection_id_from_group_of_rows_from_above_select_command>,20,<name_from_above_select_command>)`
The next step is to set up RRA handling. Two questions to answer here before the mysql command needed for this:
How many data points do I want consolidated? (Default is one with the oess setup);
How long do I want to retain RRD data? (Default is 100 days)
With these in mind, run this command.
`insert into rra (collection_class_id,step,cf,num_days,xff) VALUES (<the_collection_class_id_told_you_to_save,<how_many_data_points_you_want_consolidated>,'AVERAGE',<number_of_days_you_put_in>,0.8)`;
Repeat the above steps if you want another RRA. Otherwise, move on.
You will now need to create an admin workgroup. Run these commands to do so:
`use oess` (or whatever you decided to name your oess database)
`insert into workgroup (name,type) values ('admin','admin')`;
We now need to make a frontend user for OESS. Assuming you are using htpasswd for auth:
If it doesn't exist already, make a path /usr/share/oess-frontend/www/ with octal permission of 755
In the www directory, run this command:
htpasswd -c <user_name_of_your_choice>
The command will prompt you for a password. Type it in, and the password file should be good to go.
Ideally, using the same username you used for the htpasswd file, go back in MYSQL, and run these commands to create an admin user:
`use oess` (or whatever you decided to name your oess database)
`insert into user (email, given_names, family_name, type) values ('<your_email>', '<your_given_name>', '<your_family_or_last_name>', 'admin')`;
`select * from user` and take note of the user id it returns for the user you created. With that in hand:
insert into remote_auth (auth_name, user_id) values ('<user_name_in_htpasswd_file>',<user_id_from_above_select_command>)`
Now we need to associate the new user with the admin workgroup. To do that:
`select * from workgroup`;
Take note of the id of the admin workgroup I had you create:
`insert into user_workgroup_membership (workgroup_id, user_id) values (<workgroup_id>, <user_id>)`;
Exit MySQL, and if you want to jump right into working with OESS, run this command:
`/etc/init.d/oess start`
And OESS should be good to go!
6. Banana
_
//\
V \
\ \_
\,'.`-.
|\ `. `.
( \ `. `-. _,.-:\
\ \ `. `-._ __..--' ,-';/
\ `. `-. `-..___..---' _.--' ,'/
`. `. `-._ __..--' ,' /
`. `-_ ``--..'' _.-' ,'
`-_ `-.___ __,--' ,'
`-.__ `----""" __.-'
`--..____..--' _
7. Where to go for Help
8. Downloading the Code
9. Supported devices
So far OESS has been tested against the NEC Rack switch model G8264
10. OSCARS (IDC)
OESS only works with OSCARS 0.6. An OSCARS distribution that has been tested
to work with OESS is included with this distribution. Configuring OSCARS is
covered in the OSCARS documentation. Configuring OESS to work with OSCARS is
covered below.
Presuming you have an OSCARS 0.6 instance setup and running, it is very simple
to import all of the remote topologies into your OESS instance. A script called
populate_remote_information.pl pulls down topology from the configured Topology
Service and populates the node and interface data into the Database. This is
then used when provisioning Interdomain circuits in OESS. To configure remote
links to other networks in OESS, use the Administration UI, and select the Remote
Links tab. To add a new Link, first select the confirmed node, then pick the local
interface the remote link is on. At this point you will get a popup that ask for the
name and the remote urn. The name will be the name for the link in your topology
that will be submitted to the Topology service. The remote URN should be the remote
IDCs endpoint which this port connects to. When you are done adding remote links
click the submit topology button, to submit your topology to your configured
Topology Service
You probably need to restart OSCARS now to make it not cache the topology.
At this point if you have a peering up, you should be able to do interdomain circuits
11. Testing with MiniNet
If you want to test and play with OESS but do not have any OpenFlow capable switches
then MiniNet is for you. MiniNet provides software defined OpenFlow switches that
can process flow rules according to the openflow specification.
MiniNet can be obtained here
http://yuba.stanford.edu/foswiki/bin/view/OpenFlow/MininetGettingStarted
Save the following as /home/openflow/mininet/custom/oess.py
from mininet.topo import Topo, Node
class MyTopo( Topo ):
"Simple topology example."
def __init__( self, enable_all = True ):
"Create custom topo."
# Add default members to class.
super( MyTopo, self ).__init__()
# Set Node IDs for hosts and switches
northSwitch = 1
southSwitch = 2
eastSwitch = 3
westSwitch = 4
eastHost = 5
westHost = 6
northHost = 7
# Add nodes
self.add_node( northSwitch, Node( is_switch=True ) )
self.add_node( southSwitch, Node( is_switch=True ) )
self.add_node( eastSwitch, Node( is_switch=True ) )
self.add_node( westSwitch, Node( is_switch=True ) )
self.add_node( eastHost, Node( is_switch=False ) )
self.add_node( westHost, Node( is_switch=False ) )
self.add_node( northHost, Node( is_switch=False ) )
# Add edges
self.add_edge( eastSwitch, northSwitch )
self.add_edge( eastSwitch, southSwitch )
self.add_edge( westSwitch, northSwitch )
self.add_edge( westSwitch, southSwitch )
#self.add_edge( northSwitch, southSwitch )
self.add_edge( eastSwitch, eastHost )
self.add_edge( westSwitch, westHost )
self.add_edge( northSwitch, northHost )
# Consider all switches and hosts 'on'
self.enable_all()
topos = { 'oess_example': ( lambda: MyTopo() ) }
then run the following on the mini-net host
cd /home/openflow/mininet; sudo mn --controller remote --ip <ip address of controller host> --custom ./custom/oess.py --topo oess_example --port=<port controller is listening on, default 6633>