OFAM configuration
# Current production OFAM
## `localsettings.py` configuration options (common)
### General parameters
FLAG | Values | Comments |
---|---|---|
SITE_DOMAIN | String | Opt-in host domain name |
### Root (Island Manager) account information
FLAG | Values | Comments |
---|---|---|
ROOT_USERNAME | String | Opt-in's root username |
ROOT_PASSWORD | String | Opt-in's root password |
ROOT_EMAIL | String | Opt-in's root email. This mail will be used to send notifications |
### Database parameters
FLAG | Values | Comments |
---|---|---|
DATABASE_USER | String | MySQL username |
DATABASE_PASSWORD | String | MySQL password |
DATABASE_HOST | String | MySQL host (e.g. 127.0.0.1) |
DATABASE_NAME | String | Opt-in database name. |
From the Manage Website button two actions should be performed:
- Set Clearinghouse: This sets the username/password which the Clearinghouse (Expedient) will use to authenticate against Opt-in Manager when it uses the XMLRPC interface. Just set:
  - Username
  - Password

  Remember the previous data to set the username and password for the AM in Expedient.
- Set FlowVisor: This sets the parameters required to communicate with the FlowVisor:
  - FV Name: Name to identify this FlowVisor instance.
  - Username: Username to use to access the FlowVisor (set during FlowVisor installation)
  - Password: Password to use to access the FlowVisor (set during FlowVisor installation)
  - Server URL: URL of the FlowVisor's XMLRPC interface. It should be `https://DOMAIN_NAME:PORT/xmlrpc/`, default port is 8080. Notice that `DOMAIN_NAME` can be an IP address as long as it matches the certificate's Common Name of the server where FlowVisor is running.

If properly configured, Opt-in manager will send an email to the Root email once a new request comes from the Expedient.
Starting from release 0.8, Opt-in can be configured to:
- Automatically negotiate a VLAN for slices that span several domains
- Automatically approve FlowSpace requests
To get to the options, go to Manage Website > Auto-Approve Settings. Once in the page, choose "Approve all requests" in the dropdown list and check one or both "Grant VLANs automatically" and "Approve Flowspace automatically".
- Grant VLANs automatically: automatically establishes a connection against other OF AMs involved in the experiment.
- Approve Flowspace automatically: in conjunction with the previous option, it automatically approves the FlowSpace at the island.
If the automatic approval has not been enabled on the island, FlowSpace requests must be handled manually. Requests coming from Expedient do NOT appear on the "Request list". To see them you have to go to Administrate Flowspace > Add rule.
First of all, thanks to Nick Bastin for gracefully supplying the base for this open-source OpenFlow Aggregate Manager. For info regarding the specific FOAM version that is developed for OFELIA, please contact me (Vasileios Kotronis). In the case of errors/omissions in this guide I take full responsibility and welcome your feedback for improving further.
- In case a previous version of FOAM is already installed on your system (under `/opt/ofelia/ofam/local`), the installation script will automatically back up the contents of the `/opt/ofelia/ofam/local/db` and `/opt/ofelia/ofam/local/etc` folders and the file `/opt/ofelia/ofam/local/lib/foam/ofeliasettings/localsettings.py`. After the installation, it will reinstate those folders and files to their original location. The ofver script will be modified by the OFELIA team to include the installation script (together with the automated backup) in next OCF versions. Generally, this OFAM comes with three folders:
  - bin (git versioned, according to OCF structure) --> `/opt/ofelia/ofam/bin`
  - src (git versioned, all src files, to be modified by hand only through git) --> `/opt/ofelia/ofam/src`
  - local (not git versioned, created on first installation) --> `/opt/ofelia/ofam/local`

  After integration with the main ofelia branch, most of the installation functionality will be handled by the ofver tool. Next steps are only required in case you install this OFAM for the first time.
- Clone the OCF GitHub repo in a folder named e.g. "foam_git_repo":

  ```
  git clone git://github.com/fp7-ofelia/ocf.git foam_git_repo
  ```
- Choose the FOAM branch and move into the code:

  ```
  cd foam_git_repo
  git checkout foamintegration
  ```

  Note: this is the git repo copy with the most recent version of FOAM. In case something changes, pulling the alteration from git here and simply reinstalling the software will suffice (FOAM creates the main working folder from scratch based on this source). As explained before, the integration with the main ofelia.stable branch will automate the process.

  You will now see the main FOAM src folder if the git checkout was successful:

  ```
  cd ofam/src
  ```
- Install FOAM:

  ```
  sudo python install.py
  ```

  And agree ('y') to install required packages without verification:

  ```
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following extra packages will be installed:
    libxmlsec1 libxmlsec1-openssl libxslt1.1 nginx python-dateutil python-m2crypto python-pip python-pkg-resources python-setuptools xmlsec1
  Suggested packages:
    python-distribute python-distribute-doc
  The following NEW packages will be installed:
    foam libxmlsec1 libxmlsec1-openssl libxslt1.1 nginx python-dateutil python-m2crypto python-pip python-pkg-resources python-setuptools xmlsec1
  0 upgraded, 11 newly installed, 0 to remove and 51 not upgraded.
  Need to get 1,550kB of archives.
  After this operation, 5,444kB of additional disk space will be used.
  Do you want to continue [Y/n]?
  WARNING: The following packages cannot be authenticated!
    foam
  Install these packages without verification [y/N]? y
  ```

  If everything went OK you should see the FOAM folder under `/opt/ofelia`. Otherwise, make sure you have previously installed the required packages.
- Download the following root certificates and/or any others you might need and place them all under `/opt/ofelia/ofam/local/etc/gcf-ca-certs/`:

  ```
  sudo wget http://www.pgeni.gpolab.bbn.com/ca-cert/pgeni.gpolab.bbn.com.pem -O /opt/ofelia/ofam/local/etc/gcf-ca-certs/pgeni.gpolab.bbn.com.pem
  ```
- Rebuild the nginx CA cert bundle:

  ```
  sudo foamctl admin:bundle-certs
  ```
- Remove the symlink to the default nginx site (if you're not running it intentionally):

  ```
  sudo rm /etc/nginx/sites-enabled/default
  ```
- (Re)start the services:

  ```
  sudo service nginx restart   # (if not already running it will just start)
  sudo service foam restart    # (if not already running it will just start)
  ```
- If everything went OK you should be able to:
  - See FOAM running: `sudo service foam status`
  - See it installed by now under `/opt/ofelia/ofam/local` (main working folder for FOAM)
- Now you can use the foamctl tool/cli to control FOAM, slice-allocation etc.
  - For FOAM control: just run `foamctl` and check the available calls.
    - Note: default password is admin
  - The following commands let you read and set configuration values and are needed to begin working:
    - In general, to get a configuration value: `foamctl config:get-value --key ...`
    - In general, to set a configuration value: `foamctl config:set-value --key ... --value ...`
    - To start with (necessary step), set FlowVisor info for your island (`foamctl config:set-flowvisor-info`). First make sure that FlowVisor is running; this is needed so that you can use the FlowVisor methods (like ping) later. The CLI will ask for the hostname (e.g. localhost), XML port (default=8080) and JSON port (default=8081) that FlowVisor listens to. For the hostname, simply give the machine on which FlowVisor runs.
    - Next (also necessary step), edit the geni.site-tag value as follows: `foamctl config:set-value --key geni.site-tag --value fp7-ofelia.eu:ocf:SITE_DOMAIN`. This is needed for the production of OFELIA-compatible rspecs within our FOAM version, and it identifies that FOAM is installed on an OFELIA island running OCF. If this is not the case (OFELIA island), contact us for more details on how to proceed. After setting the tag, please restart foam. Note: SITE_DOMAIN is the domain you are using for identifying your particular island site.
    - In case you are not sure about the arguments you can supply to each foamctl command, please check the native script at `/usr/local/bin/foamctl`
- Restart FOAM again after setting the `geni:site-tag`:

  ```
  sudo service foam restart
  ```
- [Optional] Setup email configuration: note that you don't have to set a value for Reply-To: unless you want it to be different from the From: address for some reason

  ```
  foamctl config:setup-email
  Password: <admin password>
  Admin email:
  SMTP Server:
  From:
  Reply-To:
  ```
- Note: make sure port 3626 is reachable by experimenters (i.e. isn't blocked by network firewalls, iptables, etc). In case of problems, first check the log files under `/opt/ofelia/ofam/local/log`, especially the `foam.log`. If needed, rerunning the installation script (after pulling the latest git bug-fixes) will fix most major issues (and no other steps are required from your side).

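The root certificate in the download step above is fetched over plain HTTP and is then placed in the directory from which the nginx CA cert bundle is built, so its fingerprint is worth comparing against a value obtained out of band before `foamctl admin:bundle-certs` is run. The following is an added example, not part of the original guide or of FOAM; the function names are hypothetical, the sample PEM is constructed (not a real certificate) and the pinned value is a placeholder for one you get from the CA operator.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 fingerprint (lowercase hex) of each certificate in a PEM file."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def normalise(fp):
    """Accept openssl-style 'AA:BB:...' as well as plain hex."""
    return fp.replace(":", "").replace(" ", "").lower()

def ca_file_is_pinned(pem_text, pinned):
    """True only if the file holds at least one certificate and every
    certificate in it matches a pinned fingerprint, so an extra, unpinned
    certificate appended in transit makes the whole file fail."""
    allowed = [normalise(p) for p in pinned]
    found = pem_fingerprints(pem_text)
    return bool(found) and all(
        any(hmac.compare_digest(f, a) for a in allowed) for f in found)

def fake_pem(der):
    # Constructed test data: wraps arbitrary bytes, not a real X.509 certificate.
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64

SAMPLE_DER = b"constructed stand-in for the CA certificate"
SAMPLE_PEM = fake_pem(SAMPLE_DER)
# Placeholder: in practice this value comes from the CA operator, out of band.
PINNED = [hashlib.sha256(SAMPLE_DER).hexdigest()]

if __name__ == "__main__":
    print("as downloaded:", ca_file_is_pinned(SAMPLE_PEM, PINNED))
    print("extra CA appended:",
          ca_file_is_pinned(SAMPLE_PEM + fake_pem(b"injected CA"), PINNED))
```
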
These pages may be useful:
- MAIN FOAM home: https://openflow.stanford.edu/display/FOAM/Home
- For more configuration options: https://openflow.stanford.edu/display/FOAM/Configuration+Options
- FOAM FAQ: https://openflow.stanford.edu/display/FOAM/FAQ
- The default FOAM installation: https://openflow.stanford.edu/pages/viewpage.action?pageId=7045226
- Make sure that nginx and foam are running properly.
- First, edit the `UNALLOWED VLANS` list under `/opt/ofelia/ofam/local/lib/foam/ofeliasettings/localsettings.py`, and put there (in the form of a list) the VLANs that are not allowed at your installation site. Afterwards, restart the foam service.
- On the main Expedient administrative page, add a new Aggregate Manager of type OpenFlow, and on the subsequent edit page supply its name, description, geographic location (attention: AMs within the same island must share the exact same location), whether the aggregate is available or not, the username (default=foamadmin), FOAM's password, the FOAM API URL (e.g. `https://localhost:3626/core/legacyexpedientapi/xmlrpc/`), and disable the verify certs option. Then update the OFAM.

  Note: In case you face any problems with the authentication between FOAM and Expedient, make sure that the lines 5-7 of the `foam.conf` file under `/etc/nginx/sites-enabled` correspond to your correct configuration. An example of an apache2-based site configuration (with the corresponding lines 5-7 replaced) is the following:

  ```
  ssl_certificate /etc/apache2/ssl.crt/server.crt;
  ssl_certificate_key /etc/apache2/ssl.key/server.key;
  ssl_client_certificate /etc/apache2/ssl.crt/ca.crt;
  ```

  In general, make sure that what FOAM gets from the authentication process is what is expected. For problems regarding potential collisions with the AMSoil conf files, please contact the developers. If you change the configuration, make sure that you restart both nginx and foam.
- Now your users can add the FOAM OFAM in their projects and slices and use it to reserve OpenFlow resources. Creating, starting, updating, stopping and deleting slice functions have been tested in virtual testing environments. Using foamctl, you (the admin) can see these slices, approve or reject them and many other things. Note, that using the geni terminology applied on FOAM you handle everything as "slivers", meaning that you need to use the geni methods for handling slivers. For more information per sliver, corresponding to a slice, check the method for showing per sliver info. Right now, the old optin manager's functionality can be fully handled by OFAM, including VLAN admin stamping. Mail notifications are also enabled. Lastly, regarding the OpenFlow network topology callback, due to issues with FlowVisor the simplest thing to do for now as an admin is to periodically update your FOAM instance (this will pull the most recent topology that FlowVisor sees and will update the Expedient slice visualization page). The OFELIA team will look for a way around the async topology callback notification issue. The patch is on the way after we solve some credential handling issues. NOTE: in case slice handling does not work at all and slice functions fail with exceptions, please make sure that FlowVisor is running in your installation. This is the most frequent cause why FOAM will not talk correctly with Expedient.
- More options for admins to handle slices will be added on demand. For more clarifications, stay tuned or feel free to contact me ([email protected]).
### Special process for administrators: migrating old slices allocated through opt-in AM to FOAM (under evaluation)
- Add FOAM as the OFAM within your island (see installation instructions two sections above).
- Check the VLANs that are reserved from legacy opt-in slices. Put them within the foam `UNALLOWED VLANS` list under `/opt/ofelia/ofam/local/lib/foam/ofeliasettings/ofeliasettings.py`. This will guarantee that even if VLAN automation is enabled in FOAM, VLANs that have been previously allocated will not be reused by FOAM before their actual de-allocation during step 3. For example: if you have a VLAN in the legacy opt-in but foam does not know that, it will use it as free if the admin does not include it in the `UNALLOWED VLANS` list. Legacy-allocated VLANs must not interfere with new ones assigned by FOAM. The list can be updated later during step 4 in order to put these VLAN tags back in circulation. Always restart FOAM after updating the list!
- Ask the user to add FOAM to his/her project(s) and slice(s), and to perform steps 3 and 4.
- The user then reserves the same flowspace as before using FOAM (exactly the same process as with the legacy opt-in).
- Afterwards, he/she removes the old opt-in manager, and updates the slice. This means that old VLANs are deallocated, and now the admin can actually remove them from the `UNALLOWED VLANS` list, allowing reuse of these tags, since they do not interfere with legacy slices any more. Afterwards the workflow from the user's side stays the same. New slices can be created exactly as before using foam. The reward for this extra effort from the user's side is the VLAN assignment automation engine built into the modified FOAM, allowing automated VLAN stamping of the requested fs with available VLAN tags. (note to admin: this function needs to be enabled within FOAM first).

The transition appears to be a bit manual, but the reward for both the users and the IMs is a better and more robust component for handling the OpenFlow resources of the OFELIA islands. FOAM can and will be refined and extended, so having it as the base for the OCF evolution is a nice way to proceed with island management and software development.
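
One way to carry out the VLAN check of the migration procedure above, as an added example that is not part of FOAM or the original guide: it reads the list from the settings file with `ast` (without executing the file) and reports legacy VLANs that are missing from it. The variable name `UNALLOWED_VLANS`, the function names and the sample values are assumptions made for illustration.

```python
import ast

# Constructed sample of a settings fragment. The identifier UNALLOWED_VLANS
# is an assumption: the guide writes the list name as "UNALLOWED VLANS".
SAMPLE_SETTINGS = '''
SITE_DOMAIN = "island.example.org"
UNALLOWED_VLANS = [10, 11, 4000]
'''

def read_vlan_list(source, name="UNALLOWED_VLANS"):
    """Return the literal VLAN list assigned to `name`, without running the file."""
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == name for t in node.targets):
            vlans = ast.literal_eval(node.value)  # literals only, no code execution
            # Valid 802.1Q VLAN IDs are 1..4094 (0 and 4095 are reserved).
            bad = [v for v in vlans if type(v) is not int or not 1 <= v <= 4094]
            if bad:
                raise ValueError("invalid VLAN IDs: %r" % (bad,))
            return set(vlans)
    raise KeyError(name)

def migration_report(source, legacy_vlans):
    """Compare the blocked list with VLANs still held by legacy opt-in slices."""
    blocked = read_vlan_list(source)
    legacy = set(legacy_vlans)
    return {
        # Held by a legacy slice but not blocked: FOAM would treat them as free.
        "exposed": sorted(legacy - blocked),
        # Blocked but not held by a legacy slice: site-wide bans, or tags that
        # can go back into circulation once their slice has been migrated.
        "not_legacy": sorted(blocked - legacy),
    }

if __name__ == "__main__":
    # Constructed input: VLANs 10 and 12 are still reserved through legacy opt-in.
    print(migration_report(SAMPLE_SETTINGS, [10, 12]))
```
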