]>
Commit | Line | Data |
---|---|---|
064af421 BP |
1 | Template: openvswitch-switch/netdevs |
2 | Type: multiselect | |
3 | _Choices: ${choices} | |
4 | _Description: OpenFlow switch network devices: | |
5 | Choose the network devices that should become part of the OpenFlow | |
6 | switch. At least two devices must be selected for this machine to be | |
7 | a useful switch. Unselecting all network devices will disable the | |
8 | OpenFlow switch entirely. | |
9 | . | |
10 | The network devices that you select should not be configured with IP | |
11 | or IPv6 addresses, even if the switch contacts the controller over | |
12 | one of the selected network devices. This is because a running | |
13 | OpenFlow switch takes over network devices at a low level: they | |
14 | become part of the switch and cannot be used for other purposes. | |
15 | ||
16 | Template: openvswitch-switch/no-netdevs | |
17 | Type: error | |
18 | _Description: No network devices were selected. | |
19 | No network devices were selected for inclusion in the OpenFlow switch. | |
20 | The switch will be disabled. | |
21 | ||
22 | Template: openvswitch-switch/configured-netdevs | |
23 | Type: note | |
24 | _Description: Some Network Devices Have IP or IPv6 Addresses | |
25 | The following network devices selected to be part of the OpenFlow switch | |
26 | have IP or IPv6 addresses configured: | |
27 | . | |
28 | ${configured-netdevs} | |
29 | . | |
30 | This is usually a mistake, even if the switch contacts the controller over | |
31 | one of the selected network devices. This is because a running | |
32 | OpenFlow switch takes over network devices at a low level: they | |
33 | become part of the switch and cannot be used for other purposes. | |
34 | . | |
35 | If this is an unintentional mistake, move back and fix the selection, | |
36 | or de-configure the IP or IPv6 from these network devices. | |
37 | ||
38 | Template: openvswitch-switch/mode | |
39 | Type: select | |
40 | _Choices: discovery, in-band, out-of-band | |
41 | Default: discovery | |
42 | _Description: Switch-to-controller access method: | |
43 | The OpenFlow switch must be able to contact the OpenFlow controller over | |
44 | the network. It can do so in one of three ways: | |
45 | . | |
46 | discovery: A single network is used for OpenFlow traffic and other | |
47 | data traffic; that is, the switch contacts the controller over one of | |
48 | the network devices selected as OpenFlow switch network devices in | |
49 | the previous question. The switch automatically determines the | |
50 | location of the controller using a DHCP request with an | |
51 | OpenFlow-specific vendor option. This is the most common case. | |
52 | . | |
53 | in-band: As above, but the location of the controller is manually | |
54 | configured. | |
55 | . | |
56 | out-of-band: OpenFlow traffic uses a network separate from the data traffic | |
57 | that it controls. If this is the case, the control network must already | |
58 | be configured on a network device other than one of those selected as | |
59 | an OpenFlow switch netdev in the previous question. | |
60 | ||
61 | Template: openvswitch-switch/discover | |
62 | Type: note | |
63 | _Description: Preparing to discover controller. | |
64 | The setup program will now attempt to discover the OpenFlow controller. | |
65 | Controller discovery may take up to 30 seconds. Please be patient. | |
66 | . | |
8cd4882f | 67 | See ovs-openflowd(8) for instructions on how to configure a DHCP server for |
064af421 BP |
68 | controller discovery. |
69 | ||
70 | Template: openvswitch-switch/discovery-failure | |
71 | Type: error | |
72 | _Description: Controller discovery failed. | |
73 | The controller's location could not be determined automatically. | |
74 | . | |
75 | Ensure that the OpenFlow DHCP server is properly configured. See | |
8cd4882f | 76 | ovs-openflowd(8) for instructions on how to configure a DHCP server for |
064af421 BP |
77 | controller discovery. |
78 | ||
79 | Template: openvswitch-switch/discovery-success | |
80 | Type: boolean | |
81 | Default: true | |
82 | _Description: Use discovered settings? | |
83 | Controller discovery obtained the following settings: | |
84 | . | |
85 | Controller location: ${controller-vconn} | |
86 | . | |
87 | PKI URL: ${pki-uri} | |
88 | . | |
89 | Please verify that these settings are correct. | |
90 | ||
91 | Template: openvswitch-switch/switch-ip | |
92 | Type: string | |
93 | Default: dhcp | |
94 | _Description: Switch IP address: | |
95 | For in-band communication with the controller, the OpenFlow switch must | |
96 | be able to determine its own IP address. Its IP address may be configured | |
97 | statically or dynamically. | |
98 | . | |
99 | For static configuration, specify the switch's IP address as a string. | |
100 | . | |
101 | For dynamic configuration with DHCP (the most common case), specify "dhcp". | |
102 | Configuration with DHCP will only work reliably if the network topology | |
103 | allows the switch to contact the DHCP server before it connects to the | |
104 | OpenFlow controller. | |
105 | ||
106 | Template: openvswitch-switch/switch-ip-error | |
107 | Type: error | |
108 | _Description: The switch IP address is invalid. | |
109 | The switch IP address must specified as "dhcp" or a valid IP address in | |
110 | dotted-octet form (e.g. "1.2.3.4"). | |
111 | ||
112 | Template: openvswitch-switch/controller-vconn | |
113 | Type: string | |
114 | _Description: Controller location: | |
115 | Specify how the OpenFlow switch should connect to the OpenFlow controller. | |
116 | The value should be in form "ssl:HOST[:PORT]" to connect to the controller | |
117 | over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over | |
118 | cleartext TCP. | |
119 | ||
120 | Template: openvswitch-switch/controller-vconn-error | |
121 | Type: error | |
122 | _Description: The controller location is invalid. | |
123 | The controller location must be specifed as "ssl:HOST[:PORT]" to | |
124 | connect to the controller over SSL (recommended for security) or | |
125 | "tcp:HOST[:PORT]" to connect over cleartext TCP. | |
126 | ||
127 | Template: openvswitch-switch/pki-uri | |
128 | Type: string | |
129 | _Description: OpenFlow PKI server host name or URL: | |
130 | Specify a URL to the OpenFlow public key infrastructure (PKI). If a | |
131 | host name or IP address is specified in place of a URL, then | |
132 | http://<host>/openvswitch/pki/ will be used, | |
133 | where <host> is the specified host name or IP address. | |
134 | . | |
135 | The OpenFlow PKI is usually on the same machine as the OpenFlow | |
136 | controller. | |
137 | . | |
138 | The setup process will connect to the OpenFlow PKI server over | |
139 | HTTP, using the system's configured default HTTP proxy (if any). | |
140 | ||
141 | Template: openvswitch-switch/fetch-cacert-failed | |
142 | Type: error | |
143 | _Description: The switch CA certificate could not be retrieved. | |
144 | Retrieval of ${url} failed, with the following status: "${error}". | |
145 | . | |
146 | Ensure that the OpenFlow PKI server is correctly configured and | |
147 | available at ${pki-uri}. If the system is configured to use an HTTP | |
148 | proxy, also make sure that the HTTP proxy is available and that the | |
149 | PKI server can be reached through it. | |
150 | ||
151 | Template: openvswitch-switch/verify-controller-ca | |
152 | Type: select | |
153 | _Choices: yes, no | |
154 | Default: yes | |
155 | _Description: Is ${fingerprint} the controller CA's fingerprint? | |
156 | If a man-in-the-middle attack is possible in your network | |
157 | environment, check that the controller CA's fingerprint is really | |
158 | ${fingerprint}. Answer "yes" if it matches, "no" if | |
159 | there is a discrepancy. | |
160 | . | |
161 | If a man-in-the-middle attack is not a concern, there is no need to | |
162 | verify the fingerprint. Simply answer "yes". | |
163 | ||
164 | Template: openvswitch-switch/send-cert-req | |
165 | Type: select | |
166 | _Choices: yes, no | |
167 | Default: yes | |
168 | _Description: Send certificate request to switch CA? | |
169 | Before it can connect to the controller over SSL, the OpenFlow | |
170 | switch's key must be signed by the switch certificate authority (CA) | |
171 | located on the OpenFlow PKI server, which is usually collocated with | |
172 | the OpenFlow controller. A signing request can be sent to the PKI | |
173 | server now. | |
174 | . | |
175 | Answer "yes" to send a signing request to the switch CA now. This is | |
176 | ordinarily the correct choice. There is no harm in sending a given | |
177 | signing request more than once. | |
178 | . | |
179 | Answer "no" to skip sending a signing request to the switch CA. | |
180 | Unless the request has already been sent to the switch CA, manual | |
181 | sending of the request and signing will be necessary. | |
182 | ||
183 | Template: openvswitch-switch/send-cert-req-failed | |
184 | Type: error | |
185 | _Description: The certificate request could not be sent. | |
186 | Posting to ${url} failed, with the following status: "${error}". | |
187 | . | |
188 | Ensure that the OpenFlow PKI server is correctly configured and | |
189 | available at ${pki-uri}. | |
190 | ||
191 | Template: openvswitch-switch/fetch-switch-cert | |
192 | Type: select | |
193 | _Choices: yes, no | |
194 | _Description: Fetch signed switch certificate from PKI server? | |
195 | Before it can connect to the controller over SSL, the OpenFlow | |
196 | switch's key must be signed by the switch certificate authority (CA) | |
197 | located on the OpenFlow PKI server, which is usually collocated with | |
198 | the OpenFlow controller. | |
199 | . | |
200 | At this point, a signing request has been sent to the switch CA (or | |
201 | sending a request has been manually skipped), but the signed | |
202 | certificate has not yet been retrieved. Manual action may need to be | |
203 | taken at the PKI server to approve the signing request. | |
204 | . | |
205 | Answer "yes" to attempt to retrieve the signed switch certificate | |
206 | from the switch CA. If the switch certificate request has been | |
207 | signed at the PKI server, this is the correct choice. | |
208 | . | |
209 | Answer "no" to postpone switch configuration. The configuration | |
210 | process must be restarted later, when the switch certificate request | |
211 | has been signed. | |
212 | ||
213 | Template: openvswitch-switch/fetch-switch-cert-failed | |
214 | Type: error | |
215 | _Description: Signed switch certificate could not be retrieved. | |
216 | The signed switch certificate could not be retrieved from the switch | |
217 | CA: retrieval of ${url} failed, with the following status: "${error}". | |
218 | . | |
219 | This probably indicates that the switch's certificate request has not | |
220 | yet been signed. If this is the problem, it may be fixed by signing | |
221 | the certificate request at ${pki-uri}, then trying to fetch the | |
222 | signed switch certificate again. | |
223 | ||
224 | Template: openvswitch-switch/complete | |
225 | Type: note | |
226 | _Description: OpenFlow Switch Setup Finished | |
227 | Setup of this OpenFlow switch is finished. Complete the setup procedure | |
228 | to enable the switch. |