Enable ssl for scale test which includes:

rally_ovs/plugins/ovs/deployment/engines/ovn_sandbox_controller.py

@@ -98,13 +98,18 @@ def deploy(self):
         ovs_user = self.config.get("ovs_user", OVS_USER)
         ovs_controller_cidr = self.config.get("controller_cidr")
         net_dev = self.config.get("net_dev", "eth0")
+        ssl = self.config.get("enable_ssl", False)
 
         # start ovn controller with non-root user
         ovs_server = get_updated_server(server, user=ovs_user)
-
-        cmd = "./ovs-sandbox.sh --controller --ovn \
-                            --controller-ip %s --device %s;" % \
-                        (ovs_controller_cidr, net_dev)
+        if ssl:
+            cmd = "./ovs-sandbox.sh --controller --ovn \
+                                --controller-ip %s --device %s --ssl;" % \
+                  (ovs_controller_cidr, net_dev)
+        else:
+            cmd = "./ovs-sandbox.sh --controller --ovn \
+                                --controller-ip %s --device %s;" % \
+                            (ovs_controller_cidr, net_dev)
 
         if install_method == "docker":
             LOG.info("Do not run ssh; deployed by ansible-docker")

rally_ovs/plugins/ovs/deployment/engines/ovs/ovs-sandbox.sh

@@ -105,6 +105,8 @@ Other options:
   --cleanup=SANDBOX    Cleanup the sandbox
   --cleanup-all        Cleanup all sandboxes
   --graceful           Graceful cleanup/stop sandbox
+  --ssl                Enable ssl
+
 EOF
             exit 0
             ;;
@@ -169,6 +171,9 @@ EOF
         -D|--device)
             prev=device
             ;;
+        --ssl)
+            enable_ssl=true
+            ;;
         -*)
             echo "unrecognized option $option (use --help for help)" >&2
             exit 1
@@ -650,31 +655,67 @@ OVN_SB_DB=unix:$sandbox/db-sb.sock; export OVN_SB_DB
 EOF
             . $sandbox_name/sandbox.rc
 
-            # Northbound db server
-            prog_name='ovsdb-server-nb'
-            run_service $prog_name ovsdb-server --detach --no-chdir \
-                --pidfile=$prog_name.pid \
-                --unixctl=$prog_name.ctl \
-                -vconsole:off -vsyslog:off -vfile:info \
-                --log-file=$prog_name.log \
-                --remote=p$OVN_NB_DB \
-                conf-nb.db ovnnb.db
-            pid=`cat $sandbox_name/$prog_name.pid`
-            mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
-
-            # Southbound db server
-            prog_name='ovsdb-server-sb'
-            run_service $prog_name ovsdb-server --detach --no-chdir \
-                --pidfile=$prog_name.pid \
-                --unixctl=$prog_name.ctl \
-                -vconsole:off -vsyslog:off -vfile:info \
-                --log-file=$prog_name.log \
-                --remote="p$OVN_SB_DB" \
-                --remote=db:Open_vSwitch,Open_vSwitch,manager_options \
-                conf-sb.db ovnsb.db
-            pid=`cat $sandbox_name/$prog_name.pid`
-            mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
 
+            if $enable_ssl ; then
+                # Northbound db server
+                prog_name='ovsdb-server-nb'
+                run_service $prog_name ovsdb-server --detach --no-chdir \
+                    --pidfile=$prog_name.pid \
+                    --unixctl=$prog_name.ctl \
+                    -vconsole:off -vsyslog:off -vfile:info \
+                    --log-file=$prog_name.log \
+                    --remote=db:OVN_Northbound,NB_Global,connections \
+                    --private-key=db:OVN_Northbound,SSL,private_key \
+                    --certificate=db:OVN_Northbound,SSL,certificate \
+                    --ca-cert=db:OVN_Northbound,SSL,ca_cert \
+                    --ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols \
+                    --ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers \
+                    --remote=p$OVN_NB_DB ovnnb.db
+                pid=`cat $sandbox_name/$prog_name.pid`
+                mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
+
+                # Southbound db server
+                prog_name='ovsdb-server-sb'
+                run_service $prog_name ovsdb-server --detach --no-chdir \
+                    --pidfile=$prog_name.pid \
+                    --unixctl=$prog_name.ctl \
+                    -vconsole:off -vsyslog:off -vfile:info \
+                    --log-file=$prog_name.log \
+                    --remote=db:OVN_Southbound,SB_Global,connections \
+                    --private-key=db:OVN_Southbound,SSL,private_key \
+                    --certificate=db:OVN_Southbound,SSL,certificate \
+                    --ca-cert=db:OVN_Southbound,SSL,ca_cert \
+                    --ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols \
+                    --ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers \
+                    --remote=p$OVN_SB_DB ovnsb.db
+                pid=`cat $sandbox_name/$prog_name.pid`
+                mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
+            else
+                # Northbound db server
+                prog_name='ovsdb-server-nb'
+                run_service $prog_name ovsdb-server --detach --no-chdir \
+                    --pidfile=$prog_name.pid \
+                    --unixctl=$prog_name.ctl \
+                    -vconsole:off -vsyslog:off -vfile:info \
+                    --log-file=$prog_name.log \
+                    --remote=p$OVN_NB_DB \
+                    conf-nb.db ovnnb.db
+                pid=`cat $sandbox_name/$prog_name.pid`
+                mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
+
+                # Southbound db server
+                prog_name='ovsdb-server-sb'
+                run_service $prog_name ovsdb-server --detach --no-chdir \
+                    --pidfile=$prog_name.pid \
+                    --unixctl=$prog_name.ctl \
+                    -vconsole:off -vsyslog:off -vfile:info \
+                    --log-file=$prog_name.log \
+                    --remote="p$OVN_SB_DB" \
+                    --remote=db:Open_vSwitch,Open_vSwitch,manager_options \
+                    conf-sb.db ovnsb.db
+                pid=`cat $sandbox_name/$prog_name.pid`
+                mv $sandbox_name/$prog_name.ctl $sandbox_name/$prog_name.$pid.ctl
+            fi
         fi
     else
         touch "$sandbox"/.conf.db.~lock~
@@ -694,19 +735,35 @@ EOF
 
     # Initialize database.
     if $controller ; then
-        init_ovsdb_server "ovsdb-server-nb" $OVN_NB_DB
-        init_ovsdb_server "ovsdb-server-sb" $OVN_SB_DB
+        if $enable_ssl ; then
+            tar -xzvf certs.tar.gz
+            abs_path=`pwd`/certs
+            ovn-nbctl set-ssl $abs_path/ovnnb-privkey.pem  $abs_path/ovnnb-cert.pem \
+                $abs_path/cacert.pem
+            ovn-nbctl set-connection pssl:6641:127.0.0.1
+            ovn-sbctl set-ssl $abs_path/ovnsb-privkey.pem  $abs_path/ovnsb-cert.pem \
+                $abs_path/cacert.pem
+            ovn-sbctl set-connection pssl:6642:$CON_IP
+            ovn-sbctl set conn . inactivity_probe=0
+        else
+            init_ovsdb_server "ovsdb-server-nb" $OVN_NB_DB
+            init_ovsdb_server "ovsdb-server-sb" $OVN_SB_DB
 
-        ovs-vsctl --db=$OVN_SB_DB --no-wait \
-            -- set open_vswitch .  manager_options=@uuid \
-            -- --id=@uuid create Manager target="$OVSDB_REMOTE" inactivity_probe=0
+            ovs-vsctl --db=$OVN_SB_DB --no-wait \
+                -- set open_vswitch .  manager_options=@uuid \
+                -- --id=@uuid create Manager target="$OVSDB_REMOTE" inactivity_probe=0
+        fi
 
     else
         init_ovsdb_server "ovsdb-server" unix:"$sandbox"/db.sock
         run ovs-vsctl --no-wait set open_vswitch . system-type="sandbox"
 
         if $ovn ; then
-            OVN_REMOTE="tcp:$CON_IP:6640"
+            if $enable_ssl ; then
+                OVN_REMOTE="ssl:$CON_IP:6642"
+            else
+                OVN_REMOTE="tcp:$CON_IP:6640"
+            fi
 
             ip_addr_add $host_ip $device
             SANDBOX_BIND_IP=$host_ip
@@ -756,9 +813,19 @@ function start_ovn {
               --ovnsb-db=$OVN_SB_DB
     else
         if $ovn ; then
-            run_service ovn-controller ovn-controller --detach --no-chdir \
-                    --pidfile \
-                    -vconsole:off -vsyslog:off -vfile:info --log-file
+            if [$enable_ssl = true]; then
+                tar -xzvf certs.tar.gz
+                abs_path=`pwd`/certs
+                run_service ovn-controller ovn-controller \
+                  --private-key=$abs_path/ovn-controller-privkey.pem \
+                  --certificate=$abs_path/ovn-controller-cert.pem \
+                  --ca-cert=$abs_path/cacert.pem --detach --no-chdir \
+                  --pidfile -vconsole:off -vsyslog:off -vfile:info --log-file
+            else
+                run_service ovn-controller ovn-controller --detach --no-chdir \
+                  --pidfile \
+                  -vconsole:off -vsyslog:off -vfile:info --log-file
+            fi
         fi
     fi
 }

rally_ovs/plugins/ovs/deployment/sandbox.py

@@ -73,6 +73,7 @@ def _install_ovs(self, server):
         ovs_server = get_updated_server(server, user=ovs_user)
         self._put_file(ovs_server, "install.sh")
         self._put_file(ovs_server, "ovs-sandbox.sh")
+        self._put_file(ovs_server, "certs.tar.gz")
 
 
         cmds = []

rally_ovs/plugins/ovs/scenarios/sandbox.py

@@ -126,6 +126,7 @@ def _create_sandbox(self, sandbox_create_args):
         start_cidr = sandbox_create_args.get("start_cidr")
         net_dev = sandbox_create_args.get("net_dev", "eth0")
         tag = sandbox_create_args.get("tag", "")
+        ssl = sandbox_create_args.get("enable_ssl", False)
 
         LOG.info("-------> Create sandbox  method: %s" % self.install_method)
         install_method = self.install_method
@@ -159,10 +160,16 @@ def _create_sandbox(self, sandbox_create_args):
 
             cmds = []
             for host_ip in host_ip_list:
-                cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
-                             --host-ip %s/%d --device %s" % \
-                         (controller_ip, host_ip, sandbox_cidr.prefixlen,
-                                net_dev)
+                if ssl:
+                    cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
+                                 --host-ip %s/%d --device %s --ssl" % \
+                          (controller_ip, host_ip, sandbox_cidr.prefixlen,
+                           net_dev)
+                else:
+                    cmd = "./ovs-sandbox.sh --ovn --controller-ip %s \
+                                 --host-ip %s/%d --device %s" % \
+                             (controller_ip, host_ip, sandbox_cidr.prefixlen,
+                                    net_dev)
                 cmds.append(cmd)
 
                 sandboxes["sandbox-%s" % host_ip] = tag