z.archive.openflowjava-dev@lists.opendaylight.org | Change in openflowjava[master]: Add get configuration function to be able to access the open...

Home Messages Hashtags Subgroups

This group is locked. No changes can be made to the group while it is locked.

Date Date 1 - 3 of 3

Change in openflowjava[master]: Add get configuration function to be able to access the open...

Michal Polkorab #610 Ok, I see. I will merge the patch, but please note reading openflowjava configuration should be fine. But shutting down openflowjava may cause some exceptions in openflowplugin (although recovery should be possible) - so this needs to be thoroughly tested and documented. I would also like to bring back to life one idea I had more than a year ago, when TLS support was being delivered - that is to have one common / shared keystore for all protocols. This shared keystore would be passed down to downstream projects (like openflowjava, bgpcep, netconf, ...) and these downstream projects would use it. We would need some separate bundle (to avoid cyclic dependencies - probably in aaa) that would handle the keystore instance and all downstream projects would depend on this bundle -> they would retrieve the keystore instance and use it. What do you think ? Regards, Michal toggle quoted message Show quoted text From: Mohamed ElSerngawy <melserngawy@...> Sent: 16 December 2015 23:50 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, Sorry I wouldn't be clear enough, if you check the below WIP patch, the user will need to configure the keystore information at compile time or he can create the keystore at runtime https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cert/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/yang/aaa/cert/rev151126/AaaCertProviderModule.java https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cli/src/main/java/org/opendaylight/aaa/cli/CreateODLKeyStore.java https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cert/src/main/config/default-config.xml https://git.opendaylight.org/gerrit/30166 we have 2 cases : 1- if the user already setup the TLS config at 42-openflowplugin.xml so I should check the keystore password and name to be in sequence with my bundle config 2- if the user didn't set the TLS config " which is almost happen as the TLS config not exist by default :) " so I will need to update the connection config and restart the connection again, "same will need if the keystore will create by command not config". hope my use case become clear, if u have any advice please let me know. Thanks On Wed, Dec 16, 2015 at 10:50 AM, Michal Polkoráb <michal.polkorab@...> wrote: Well, there should be this possibility, you would have to call shutdown on desired openflowjava instance, wait for the future to be done, set your ConnectionConfiguration and start the instance again. Although I haven't tested something like this before, as the correct attitude would be to uninstall and install openflowjava/openflowplugin feature again. But the most appropriate attitude is still configuration of openflowjava before it is started. Michal From: Mohamed ElSerngawy <melserngawy@...> Sent: 16 December 2015 16:30 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, so as I understand, the user will not need to restart the ODL controller after updating the 42-openflowplugin.xml to be able to establish a TLS connection ? Thanks On Wed, Dec 16, 2015 at 10:16 AM, Michal Polkoráb <michal.polkorab@...> wrote: Continuing discussion here: The idea is we need to let the user be able to create the keystores (ctl.jks & truststore.jks) at runtime , so the user should be able to set the keystore password, dname, ..etc to generate the ctl.jks and he will be able to import the ovs devices certificates to the truststore. As the keystores name and password should be set on the 42-openflowplugin.xml we need to acces this info. Also you might advice, I will try to update the ConnectionConfig to one of the running openflow connections (openflow-switch-connection-provider-default & openflow-switch-connection-provider-legacy) to set the TlsConfig if it is not exist in the 42-openflowplugin.xml but I'm not sure if this will ganna work ? I am still not sure why it isn't enough to check 42-openflowplugin.xml or 42-openflowplugin-new.xml for needed data. Anyway, even if the user creates the data in the runtime, he can use his own passwords, keystores, ... - he doesn't have to use existing passwords, keystores, ... Then he just needs to update the configuration in openflowjava and he is ready to use his configuration and keystores. Michal From: Mohamed ElSerngawy <melserngawy@...> Sent: 15 December 2015 20:24 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, would you review and merge this patch https://git.opendaylight.org/gerrit/#/c/31300/ Thanks On Tue, Dec 15, 2015 at 5:23 AM, Gerrit Code Review <gerrit@...> wrote: From Michal Polkorab <michal.polkorab@...>: Michal Polkorab has posted comments on this change. Change subject: Add get configuration function to be able to access the openflow connection config from other bundle ...................................................................... Patch Set 1: what is the reason / usecase for this change ? -- To view, visit https://git.opendaylight.org/gerrit/31300 To unsubscribe, visit https://git.opendaylight.org/gerrit/settings Gerrit-MessageType: comment Gerrit-Change-Id: I2f0b12f1649771226d032ff2644230895e10191b Gerrit-PatchSet: 1 Gerrit-Project: openflowjava Gerrit-Branch: master Gerrit-Owner: Mohamed El-Serngawy <melserngawy@...> Gerrit-Reviewer: Michal Polkorab <michal.polkorab@...> Gerrit-Reviewer: jenkins-releng <jenkins-releng@...> Gerrit-Reviewer: michal rehak <mirehak@...> Gerrit-HasComments: No MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk
Mohamed ElSerngawy <melserngawy@...> #611 Hi Michal, I'm pretty much have the same idea of having a shared keystore bundle used by all others downstream projects, but for the moment just need to depend on openflowjava to test what I'm doing and also it match the usecase I have, then we can re-implement the TLS connection in openflow projects. Thanks toggle quoted message Show quoted text On Thu, Dec 17, 2015 at 4:49 AM, Michal Polkoráb <michal.polkorab@...> wrote: Ok, I see. I will merge the patch, but please note reading openflowjava configuration should be fine. But shutting down openflowjava may cause some exceptions in openflowplugin (although recovery should be possible) - so this needs to be thoroughly tested and documented. I would also like to bring back to life one idea I had more than a year ago, when TLS support was being delivered - that is to have one common / shared keystore for all protocols. This shared keystore would be passed down to downstream projects (like openflowjava, bgpcep, netconf, ...) and these downstream projects would use it. We would need some separate bundle (to avoid cyclic dependencies - probably in aaa) that would handle the keystore instance and all downstream projects would depend on this bundle -> they would retrieve the keystore instance and use it. What do you think ? Regards, Michal From: Mohamed ElSerngawy <melserngawy@...> Sent: 16 December 2015 23:50 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, Sorry I wouldn't be clear enough, if you check the below WIP patch, the user will need to configure the keystore information at compile time or he can create the keystore at runtime https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cert/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/yang/aaa/cert/rev151126/AaaCertProviderModule.java https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cli/src/main/java/org/opendaylight/aaa/cli/CreateODLKeyStore.java https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cert/src/main/config/default-config.xml https://git.opendaylight.org/gerrit/30166 we have 2 cases : 1- if the user already setup the TLS config at 42-openflowplugin.xml so I should check the keystore password and name to be in sequence with my bundle config 2- if the user didn't set the TLS config " which is almost happen as the TLS config not exist by default :) " so I will need to update the connection config and restart the connection again, "same will need if the keystore will create by command not config". hope my use case become clear, if u have any advice please let me know. Thanks On Wed, Dec 16, 2015 at 10:50 AM, Michal Polkoráb <michal.polkorab@...> wrote: Well, there should be this possibility, you would have to call shutdown on desired openflowjava instance, wait for the future to be done, set your ConnectionConfiguration and start the instance again. Although I haven't tested something like this before, as the correct attitude would be to uninstall and install openflowjava/openflowplugin feature again. But the most appropriate attitude is still configuration of openflowjava before it is started. Michal From: Mohamed ElSerngawy <melserngawy@...> Sent: 16 December 2015 16:30 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, so as I understand, the user will not need to restart the ODL controller after updating the 42-openflowplugin.xml to be able to establish a TLS connection ? Thanks On Wed, Dec 16, 2015 at 10:16 AM, Michal Polkoráb <michal.polkorab@...> wrote: Continuing discussion here: The idea is we need to let the user be able to create the keystores (ctl.jks & truststore.jks) at runtime , so the user should be able to set the keystore password, dname, ..etc to generate the ctl.jks and he will be able to import the ovs devices certificates to the truststore. As the keystores name and password should be set on the 42-openflowplugin.xml we need to acces this info. Also you might advice, I will try to update the ConnectionConfig to one of the running openflow connections (openflow-switch-connection-provider-default & openflow-switch-connection-provider-legacy) to set the TlsConfig if it is not exist in the 42-openflowplugin.xml but I'm not sure if this will ganna work ? I am still not sure why it isn't enough to check 42-openflowplugin.xml or 42-openflowplugin-new.xml for needed data. Anyway, even if the user creates the data in the runtime, he can use his own passwords, keystores, ... - he doesn't have to use existing passwords, keystores, ... Then he just needs to update the configuration in openflowjava and he is ready to use his configuration and keystores. Michal From: Mohamed ElSerngawy <melserngawy@...> Sent: 15 December 2015 20:24 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, would you review and merge this patch https://git.opendaylight.org/gerrit/#/c/31300/ Thanks On Tue, Dec 15, 2015 at 5:23 AM, Gerrit Code Review <gerrit@...> wrote: From Michal Polkorab <michal.polkorab@...>: Michal Polkorab has posted comments on this change. Change subject: Add get configuration function to be able to access the openflow connection config from other bundle ...................................................................... Patch Set 1: what is the reason / usecase for this change ? -- To view, visit https://git.opendaylight.org/gerrit/31300 To unsubscribe, visit https://git.opendaylight.org/gerrit/settings Gerrit-MessageType: comment Gerrit-Change-Id: I2f0b12f1649771226d032ff2644230895e10191b Gerrit-PatchSet: 1 Gerrit-Project: openflowjava Gerrit-Branch: master Gerrit-Owner: Mohamed El-Serngawy <melserngawy@...> Gerrit-Reviewer: Michal Polkorab <michal.polkorab@...> Gerrit-Reviewer: jenkins-releng <jenkins-releng@...> Gerrit-Reviewer: michal rehak <mirehak@...> Gerrit-HasComments: No MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk
Michal Polkorab #612 Ok, sounds good. toggle quoted message Show quoted text From: Mohamed ElSerngawy <melserngawy@...> Sent: 17 December 2015 15:56 To: Michal Polkoráb Cc: openflowjava-dev Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, I'm pretty much have the same idea of having a shared keystore bundle used by all others downstream projects, but for the moment just need to depend on openflowjava to test what I'm doing and also it match the usecase I have, then we can re-implement the TLS connection in openflow projects. Thanks On Thu, Dec 17, 2015 at 4:49 AM, Michal Polkoráb <michal.polkorab@...> wrote: Ok, I see. I will merge the patch, but please note reading openflowjava configuration should be fine. But shutting down openflowjava may cause some exceptions in openflowplugin (although recovery should be possible) - so this needs to be thoroughly tested and documented. I would also like to bring back to life one idea I had more than a year ago, when TLS support was being delivered - that is to have one common / shared keystore for all protocols. This shared keystore would be passed down to downstream projects (like openflowjava, bgpcep, netconf, ...) and these downstream projects would use it. We would need some separate bundle (to avoid cyclic dependencies - probably in aaa) that would handle the keystore instance and all downstream projects would depend on this bundle -> they would retrieve the keystore instance and use it. What do you think ? Regards, Michal From: Mohamed ElSerngawy <melserngawy@...> Sent: 16 December 2015 23:50 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, Sorry I wouldn't be clear enough, if you check the below WIP patch, the user will need to configure the keystore information at compile time or he can create the keystore at runtime https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cert/src/main/java/org/opendaylight/yang/gen/v1/urn/opendaylight/yang/aaa/cert/rev151126/AaaCertProviderModule.java https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cli/src/main/java/org/opendaylight/aaa/cli/CreateODLKeyStore.java https://git.opendaylight.org/gerrit/#/c/30166/16/aaa-cert/src/main/config/default-config.xml https://git.opendaylight.org/gerrit/30166 we have 2 cases : 1- if the user already setup the TLS config at 42-openflowplugin.xml so I should check the keystore password and name to be in sequence with my bundle config 2- if the user didn't set the TLS config " which is almost happen as the TLS config not exist by default :) " so I will need to update the connection config and restart the connection again, "same will need if the keystore will create by command not config". hope my use case become clear, if u have any advice please let me know. Thanks On Wed, Dec 16, 2015 at 10:50 AM, Michal Polkoráb <michal.polkorab@...> wrote: Well, there should be this possibility, you would have to call shutdown on desired openflowjava instance, wait for the future to be done, set your ConnectionConfiguration and start the instance again. Although I haven't tested something like this before, as the correct attitude would be to uninstall and install openflowjava/openflowplugin feature again. But the most appropriate attitude is still configuration of openflowjava before it is started. Michal From: Mohamed ElSerngawy <melserngawy@...> Sent: 16 December 2015 16:30 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, so as I understand, the user will not need to restart the ODL controller after updating the 42-openflowplugin.xml to be able to establish a TLS connection ? Thanks On Wed, Dec 16, 2015 at 10:16 AM, Michal Polkoráb <michal.polkorab@...> wrote: Continuing discussion here: The idea is we need to let the user be able to create the keystores (ctl.jks & truststore.jks) at runtime , so the user should be able to set the keystore password, dname, ..etc to generate the ctl.jks and he will be able to import the ovs devices certificates to the truststore. As the keystores name and password should be set on the 42-openflowplugin.xml we need to acces this info. Also you might advice, I will try to update the ConnectionConfig to one of the running openflow connections (openflow-switch-connection-provider-default & openflow-switch-connection-provider-legacy) to set the TlsConfig if it is not exist in the 42-openflowplugin.xml but I'm not sure if this will ganna work ? I am still not sure why it isn't enough to check 42-openflowplugin.xml or 42-openflowplugin-new.xml for needed data. Anyway, even if the user creates the data in the runtime, he can use his own passwords, keystores, ... - he doesn't have to use existing passwords, keystores, ... Then he just needs to update the configuration in openflowjava and he is ready to use his configuration and keystores. Michal From: Mohamed ElSerngawy <melserngawy@...> Sent: 15 December 2015 20:24 To: Michal Polkoráb Subject: Re: Change in openflowjava[master]: Add get configuration function to be able to access the open... Hi Michal, would you review and merge this patch https://git.opendaylight.org/gerrit/#/c/31300/ Thanks On Tue, Dec 15, 2015 at 5:23 AM, Gerrit Code Review <gerrit@...> wrote: From Michal Polkorab <michal.polkorab@...>: Michal Polkorab has posted comments on this change. Change subject: Add get configuration function to be able to access the openflow connection config from other bundle ...................................................................... Patch Set 1: what is the reason / usecase for this change ? -- To view, visit https://git.opendaylight.org/gerrit/31300 To unsubscribe, visit https://git.opendaylight.org/gerrit/settings Gerrit-MessageType: comment Gerrit-Change-Id: I2f0b12f1649771226d032ff2644230895e10191b Gerrit-PatchSet: 1 Gerrit-Project: openflowjava Gerrit-Branch: master Gerrit-Owner: Mohamed El-Serngawy <melserngawy@...> Gerrit-Reviewer: Michal Polkorab <michal.polkorab@...> Gerrit-Reviewer: jenkins-releng <jenkins-releng@...> Gerrit-Reviewer: michal rehak <mirehak@...> Gerrit-HasComments: No MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk MichalPolkoráb Software Engineer Sídlo / Mlynské Nivy 56 / 821 05 Bratislava / Slovakia R&D centrum / Janka Kráľa 9 / 974 01 Banská Bystrica / Slovakia +421 918 378 907 / michal.polkorab@... reception: +421 2 206 65 114 / www.pantheon.sk

1 - 3 of 3

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms