[mirror_ovs.git] / debian / openvswitch-switch-config.templates

Template: openvswitch-switch/netdevs
Type: multiselect
_Choices: ${choices}
_Description: OpenFlow switch network devices:
 Choose the network devices that should become part of the OpenFlow
 switch.  At least two devices must be selected for this machine to be
 a useful switch.  Unselecting all network devices will disable the
 OpenFlow switch entirely.
 .
 The network devices that you select should not be configured with IP
 or IPv6 addresses, even if the switch contacts the controller over
 one of the selected network devices.  This is because a running
 OpenFlow switch takes over network devices at a low level: they
 become part of the switch and cannot be used for other purposes.

Template: openvswitch-switch/no-netdevs
Type: error
_Description: No network devices were selected.
 No network devices were selected for inclusion in the OpenFlow switch.
 The switch will be disabled.

Template: openvswitch-switch/configured-netdevs
Type: note
_Description: Some Network Devices Have IP or IPv6 Addresses
 The following network devices selected to be part of the OpenFlow switch
 have IP or IPv6 addresses configured:
 .
 ${configured-netdevs}
 .
 This is usually a mistake, even if the switch contacts the controller over
 one of the selected network devices.  This is because a running
 OpenFlow switch takes over network devices at a low level: they
 become part of the switch and cannot be used for other purposes.
 .
 If this is an unintentional mistake, move back and fix the selection,
 or de-configure the IP or IPv6 from these network devices.

Template: openvswitch-switch/mode
Type: select
_Choices: discovery, in-band, out-of-band
Default: discovery
_Description: Switch-to-controller access method:
 The OpenFlow switch must be able to contact the OpenFlow controller over
 the network.  It can do so in one of three ways:
 .
 discovery: A single network is used for OpenFlow traffic and other
 data traffic; that is, the switch contacts the controller over one of
 the network devices selected as OpenFlow switch network devices in
 the previous question.  The switch automatically determines the
 location of the controller using a DHCP request with an
 OpenFlow-specific vendor option.  This is the most common case.
 .
 in-band: As above, but the location of the controller is manually
 configured.
 .
 out-of-band: OpenFlow traffic uses a network separate from the data traffic
 that it controls.  If this is the case, the control network must already
 be configured on a network device other than one of those selected as
 an OpenFlow switch netdev in the previous question.

Template: openvswitch-switch/discover
Type: note
_Description: Preparing to discover controller.
 The setup program will now attempt to discover the OpenFlow controller.
 Controller discovery may take up to 30 seconds.  Please be patient.
 .
 See ovs-openflowd(8) for instructions on how to configure a DHCP server for
 controller discovery.

Template: openvswitch-switch/discovery-failure
Type: error
_Description: Controller discovery failed.
 The controller's location could not be determined automatically.
 .
 Ensure that the OpenFlow DHCP server is properly configured.  See
 ovs-openflowd(8) for instructions on how to configure a DHCP server for
 controller discovery.

Template: openvswitch-switch/discovery-success
Type: boolean
Default: true
_Description: Use discovered settings?
 Controller discovery obtained the following settings:
 .
 Controller location: ${controller-vconn}
 .
 PKI URL: ${pki-uri}
 .
 Please verify that these settings are correct.

Template: openvswitch-switch/switch-ip
Type: string
Default: dhcp
_Description: Switch IP address:
 For in-band communication with the controller, the OpenFlow switch must
 be able to determine its own IP address.  Its IP address may be configured
 statically or dynamically.
 .
 For static configuration, specify the switch's IP address as a string.
 .
 For dynamic configuration with DHCP (the most common case), specify "dhcp".
 Configuration with DHCP will only work reliably if the network topology
 allows the switch to contact the DHCP server before it connects to the
 OpenFlow controller.

Template: openvswitch-switch/switch-ip-error
Type: error
_Description: The switch IP address is invalid.
 The switch IP address must specified as "dhcp" or a valid IP address in
 dotted-octet form (e.g. "1.2.3.4").

Template: openvswitch-switch/controller-vconn
Type: string
_Description: Controller location:
 Specify how the OpenFlow switch should connect to the OpenFlow controller.
 The value should be in form "ssl:HOST[:PORT]" to connect to the controller
 over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over
 cleartext TCP.

Template: openvswitch-switch/controller-vconn-error
Type: error
_Description: The controller location is invalid.
 The controller location must be specifed as "ssl:HOST[:PORT]" to
 connect to the controller over SSL (recommended for security) or
 "tcp:HOST[:PORT]" to connect over cleartext TCP.

Template: openvswitch-switch/pki-uri
Type: string
_Description: OpenFlow PKI server host name or URL:
 Specify a URL to the OpenFlow public key infrastructure (PKI).  If a
 host name or IP address is specified in place of a URL, then
 http://<host>/openvswitch/pki/ will be used,
 where <host> is the specified host name or IP address.
 .
 The OpenFlow PKI is usually on the same machine as the OpenFlow
 controller.
 .
 The setup process will connect to the OpenFlow PKI server over
 HTTP, using the system's configured default HTTP proxy (if any).

Template: openvswitch-switch/fetch-cacert-failed
Type: error
_Description: The switch CA certificate could not be retrieved.
 Retrieval of ${url} failed, with the following status: "${error}".
 .
 Ensure that the OpenFlow PKI server is correctly configured and
 available at ${pki-uri}.  If the system is configured to use an HTTP
 proxy, also make sure that the HTTP proxy is available and that the
 PKI server can be reached through it.

Template: openvswitch-switch/verify-controller-ca
Type: select
_Choices: yes, no
Default: yes
_Description: Is ${fingerprint} the controller CA's fingerprint?
 If a man-in-the-middle attack is possible in your network
 environment, check that the controller CA's fingerprint is really
 ${fingerprint}.  Answer "yes" if it matches, "no" if
 there is a discrepancy.
 .
 If a man-in-the-middle attack is not a concern, there is no need to
 verify the fingerprint.  Simply answer "yes".

Template: openvswitch-switch/send-cert-req
Type: select
_Choices: yes, no
Default: yes
_Description: Send certificate request to switch CA?
 Before it can connect to the controller over SSL, the OpenFlow
 switch's key must be signed by the switch certificate authority (CA)
 located on the OpenFlow PKI server, which is usually collocated with
 the OpenFlow controller.  A signing request can be sent to the PKI
 server now.
 .
 Answer "yes" to send a signing request to the switch CA now.  This is
 ordinarily the correct choice.  There is no harm in sending a given
 signing request more than once.
 .
 Answer "no" to skip sending a signing request to the switch CA.
 Unless the request has already been sent to the switch CA, manual
 sending of the request and signing will be necessary.

Template: openvswitch-switch/send-cert-req-failed
Type: error
_Description: The certificate request could not be sent.
 Posting to ${url} failed, with the following status: "${error}".
 .
 Ensure that the OpenFlow PKI server is correctly configured and
 available at ${pki-uri}.

Template: openvswitch-switch/fetch-switch-cert
Type: select
_Choices: yes, no
_Description: Fetch signed switch certificate from PKI server?
 Before it can connect to the controller over SSL, the OpenFlow
 switch's key must be signed by the switch certificate authority (CA)
 located on the OpenFlow PKI server, which is usually collocated with
 the OpenFlow controller.
 .
 At this point, a signing request has been sent to the switch CA (or
 sending a request has been manually skipped), but the signed
 certificate has not yet been retrieved.  Manual action may need to be
 taken at the PKI server to approve the signing request.
 .
 Answer "yes" to attempt to retrieve the signed switch certificate
 from the switch CA.  If the switch certificate request has been
 signed at the PKI server, this is the correct choice.
 .
 Answer "no" to postpone switch configuration.  The configuration
 process must be restarted later, when the switch certificate request
 has been signed.

Template: openvswitch-switch/fetch-switch-cert-failed
Type: error
_Description: Signed switch certificate could not be retrieved.
 The signed switch certificate could not be retrieved from the switch
 CA: retrieval of ${url} failed, with the following status: "${error}".
 .
 This probably indicates that the switch's certificate request has not
 yet been signed.  If this is the problem, it may be fixed by signing
 the certificate request at ${pki-uri}, then trying to fetch the
 signed switch certificate again.

Template: openvswitch-switch/complete
Type: note
_Description: OpenFlow Switch Setup Finished
 Setup of this OpenFlow switch is finished.  Complete the setup procedure
 to enable the switch.
Commit	Line	Data
064af421 BP	1	Template: openvswitch-switch/netdevs
	2	Type: multiselect
	3	_Choices: ${choices}
	4	_Description: OpenFlow switch network devices:
	5	Choose the network devices that should become part of the OpenFlow
	6	switch. At least two devices must be selected for this machine to be
	7	a useful switch. Unselecting all network devices will disable the
	8	OpenFlow switch entirely.
	9	.
	10	The network devices that you select should not be configured with IP
	11	or IPv6 addresses, even if the switch contacts the controller over
	12	one of the selected network devices. This is because a running
	13	OpenFlow switch takes over network devices at a low level: they
	14	become part of the switch and cannot be used for other purposes.
	15
	16	Template: openvswitch-switch/no-netdevs
	17	Type: error
	18	_Description: No network devices were selected.
	19	No network devices were selected for inclusion in the OpenFlow switch.
	20	The switch will be disabled.
	21
	22	Template: openvswitch-switch/configured-netdevs
	23	Type: note
	24	_Description: Some Network Devices Have IP or IPv6 Addresses
	25	The following network devices selected to be part of the OpenFlow switch
	26	have IP or IPv6 addresses configured:
	27	.
	28	${configured-netdevs}
	29	.
	30	This is usually a mistake, even if the switch contacts the controller over
	31	one of the selected network devices. This is because a running
	32	OpenFlow switch takes over network devices at a low level: they
	33	become part of the switch and cannot be used for other purposes.
	34	.
	35	If this is an unintentional mistake, move back and fix the selection,
	36	or de-configure the IP or IPv6 from these network devices.
	37
	38	Template: openvswitch-switch/mode
	39	Type: select
	40	_Choices: discovery, in-band, out-of-band
	41	Default: discovery
	42	_Description: Switch-to-controller access method:
	43	The OpenFlow switch must be able to contact the OpenFlow controller over
	44	the network. It can do so in one of three ways:
	45	.
	46	discovery: A single network is used for OpenFlow traffic and other
	47	data traffic; that is, the switch contacts the controller over one of
	48	the network devices selected as OpenFlow switch network devices in
	49	the previous question. The switch automatically determines the
	50	location of the controller using a DHCP request with an
	51	OpenFlow-specific vendor option. This is the most common case.
	52	.
	53	in-band: As above, but the location of the controller is manually
	54	configured.
	55	.
	56	out-of-band: OpenFlow traffic uses a network separate from the data traffic
	57	that it controls. If this is the case, the control network must already
	58	be configured on a network device other than one of those selected as
	59	an OpenFlow switch netdev in the previous question.
	60
	61	Template: openvswitch-switch/discover
	62	Type: note
	63	_Description: Preparing to discover controller.
	64	The setup program will now attempt to discover the OpenFlow controller.
65	Controller discovery may take up to 30 seconds. Please be patient.
66	.
8cd4882f	67	See ovs-openflowd(8) for instructions on how to configure a DHCP server for
064af421 BP	68	controller discovery.
	69
	70	Template: openvswitch-switch/discovery-failure
	71	Type: error
	72	_Description: Controller discovery failed.
	73	The controller's location could not be determined automatically.
	74	.
	75	Ensure that the OpenFlow DHCP server is properly configured. See
8cd4882f	76	ovs-openflowd(8) for instructions on how to configure a DHCP server for
064af421 BP	77	controller discovery.
	78
	79	Template: openvswitch-switch/discovery-success
	80	Type: boolean
	81	Default: true
	82	_Description: Use discovered settings?
	83	Controller discovery obtained the following settings:
	84	.
	85	Controller location: ${controller-vconn}
	86	.
	87	PKI URL: ${pki-uri}
	88	.
	89	Please verify that these settings are correct.
	90
	91	Template: openvswitch-switch/switch-ip
	92	Type: string
	93	Default: dhcp
	94	_Description: Switch IP address:
	95	For in-band communication with the controller, the OpenFlow switch must
	96	be able to determine its own IP address. Its IP address may be configured
	97	statically or dynamically.
	98	.
	99	For static configuration, specify the switch's IP address as a string.
	100	.
	101	For dynamic configuration with DHCP (the most common case), specify "dhcp".
	102	Configuration with DHCP will only work reliably if the network topology
	103	allows the switch to contact the DHCP server before it connects to the
	104	OpenFlow controller.
	105
	106	Template: openvswitch-switch/switch-ip-error
	107	Type: error
	108	_Description: The switch IP address is invalid.
	109	The switch IP address must specified as "dhcp" or a valid IP address in
	110	dotted-octet form (e.g. "1.2.3.4").
	111
	112	Template: openvswitch-switch/controller-vconn
	113	Type: string
	114	_Description: Controller location:
	115	Specify how the OpenFlow switch should connect to the OpenFlow controller.
	116	The value should be in form "ssl:HOST[:PORT]" to connect to the controller
	117	over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over
	118	cleartext TCP.
	119
	120	Template: openvswitch-switch/controller-vconn-error
	121	Type: error
	122	_Description: The controller location is invalid.
	123	The controller location must be specifed as "ssl:HOST[:PORT]" to
	124	connect to the controller over SSL (recommended for security) or
	125	"tcp:HOST[:PORT]" to connect over cleartext TCP.
	126
	127	Template: openvswitch-switch/pki-uri
	128	Type: string
	129	_Description: OpenFlow PKI server host name or URL:
	130	Specify a URL to the OpenFlow public key infrastructure (PKI). If a
	131	host name or IP address is specified in place of a URL, then
	132	http://<host>/openvswitch/pki/ will be used,
	133	where <host> is the specified host name or IP address.
	134	.
	135	The OpenFlow PKI is usually on the same machine as the OpenFlow
	136	controller.
	137	.
	138	The setup process will connect to the OpenFlow PKI server over
	139	HTTP, using the system's configured default HTTP proxy (if any).
	140
141	Template: openvswitch-switch/fetch-cacert-failed
142	Type: error
143	_Description: The switch CA certificate could not be retrieved.
144	Retrieval of ${url} failed, with the following status: "${error}".
145	.
146	Ensure that the OpenFlow PKI server is correctly configured and
147	available at ${pki-uri}. If the system is configured to use an HTTP
148	proxy, also make sure that the HTTP proxy is available and that the
149	PKI server can be reached through it.
150
151	Template: openvswitch-switch/verify-controller-ca
152	Type: select
153	_Choices: yes, no
154	Default: yes
155	_Description: Is ${fingerprint} the controller CA's fingerprint?
156	If a man-in-the-middle attack is possible in your network
157	environment, check that the controller CA's fingerprint is really
158	${fingerprint}. Answer "yes" if it matches, "no" if
159	there is a discrepancy.
160	.
161	If a man-in-the-middle attack is not a concern, there is no need to
162	verify the fingerprint. Simply answer "yes".
163
164	Template: openvswitch-switch/send-cert-req
165	Type: select
166	_Choices: yes, no
167	Default: yes
168	_Description: Send certificate request to switch CA?
169	Before it can connect to the controller over SSL, the OpenFlow
170	switch's key must be signed by the switch certificate authority (CA)
171	located on the OpenFlow PKI server, which is usually collocated with
172	the OpenFlow controller. A signing request can be sent to the PKI
173	server now.
174	.
175	Answer "yes" to send a signing request to the switch CA now. This is
176	ordinarily the correct choice. There is no harm in sending a given
177	signing request more than once.
178	.
179	Answer "no" to skip sending a signing request to the switch CA.
180	Unless the request has already been sent to the switch CA, manual
181	sending of the request and signing will be necessary.
182
183	Template: openvswitch-switch/send-cert-req-failed
184	Type: error
185	_Description: The certificate request could not be sent.
186	Posting to ${url} failed, with the following status: "${error}".
187	.
188	Ensure that the OpenFlow PKI server is correctly configured and
189	available at ${pki-uri}.
190
191	Template: openvswitch-switch/fetch-switch-cert
192	Type: select
193	_Choices: yes, no
194	_Description: Fetch signed switch certificate from PKI server?
195	Before it can connect to the controller over SSL, the OpenFlow
196	switch's key must be signed by the switch certificate authority (CA)
197	located on the OpenFlow PKI server, which is usually collocated with
198	the OpenFlow controller.
199	.
200	At this point, a signing request has been sent to the switch CA (or
201	sending a request has been manually skipped), but the signed
202	certificate has not yet been retrieved. Manual action may need to be
203	taken at the PKI server to approve the signing request.
204	.
205	Answer "yes" to attempt to retrieve the signed switch certificate
206	from the switch CA. If the switch certificate request has been
207	signed at the PKI server, this is the correct choice.
208	.
209	Answer "no" to postpone switch configuration. The configuration
210	process must be restarted later, when the switch certificate request
211	has been signed.
212
213	Template: openvswitch-switch/fetch-switch-cert-failed
214	Type: error
215	_Description: Signed switch certificate could not be retrieved.
216	The signed switch certificate could not be retrieved from the switch
217	CA: retrieval of ${url} failed, with the following status: "${error}".
218	.
219	This probably indicates that the switch's certificate request has not
220	yet been signed. If this is the problem, it may be fixed by signing
221	the certificate request at ${pki-uri}, then trying to fetch the
222	signed switch certificate again.
223
224	Template: openvswitch-switch/complete
225	Type: note
226	_Description: OpenFlow Switch Setup Finished
227	Setup of this OpenFlow switch is finished. Complete the setup procedure
228	to enable the switch.