socket-util: Move get_mtime() here from stream-ssl.

[openvswitch] / debian / openvswitch-switch-config.templates

Template: openvswitch-switch/netdevs
Type: multiselect
_Choices: ${choices}
_Description: Open vSwitch network devices:
 Choose the network devices that should become part of the Open vSwitch
 instance.  At least two devices must be selected for this machine to be
 a useful switch.  Unselecting all network devices will disable 
 Open vSwitch entirely.
 .
 The network devices that you select should not be configured with IP
 or IPv6 addresses, even if the switch contacts the controller over
 one of the selected network devices.  This is because a running
 Open vSwitch takes over network devices at a low level: they
 become part of the switch and cannot be used for other purposes.

Template: openvswitch-switch/no-netdevs
Type: error
_Description: No network devices were selected.
 No network devices were selected for inclusion in the Open vSwitch
 instance.  The switch will be disabled.

Template: openvswitch-switch/configured-netdevs
Type: note
_Description: Some Network Devices Have IP or IPv6 Addresses
 The following network devices selected to be part of the Open vSwitch
 instance have IP or IPv6 addresses configured:
 .
 ${configured-netdevs}
 .
 This is usually a mistake, even if the switch contacts the controller over
 one of the selected network devices.  This is because running Open vSwitch 
 takes over network devices at a low level: they become part of the switch 
 and cannot be used for other purposes.
 .
 If this is an unintentional mistake, move back and fix the selection,
 or de-configure the IP or IPv6 from these network devices.

Template: openvswitch-switch/mode
Type: select
_Choices: discovery, in-band, out-of-band
Default: discovery
_Description: Switch-to-controller access method:
 Open vSwitch must be able to contact the OpenFlow controller over the 
 network.  It can do so in one of three ways:
 .
 discovery: A single network is used for OpenFlow traffic and other
 data traffic; that is, the switch contacts the controller over one of
 the network devices selected as Open vSwitch network devices in
 the previous question.  The switch automatically determines the
 location of the controller using a DHCP request with an
 OpenFlow-specific vendor option.  This is the most common case.
 .
 in-band: As above, but the location of the controller is manually
 configured.
 .
 out-of-band: OpenFlow traffic uses a network separate from the data traffic
 that it controls.  If this is the case, the control network must already
 be configured on a network device other than one of those selected as
 an Open vSwitch netdev in the previous question.

Template: openvswitch-switch/discover
Type: note
_Description: Preparing to discover controller
 The setup program will now attempt to discover the OpenFlow controller.
 Controller discovery may take up to 30 seconds.  Please be patient.
 .
 See ovs-openflowd(8) for instructions on how to configure a DHCP server for
 controller discovery.

Template: openvswitch-switch/discovery-failure
Type: error
_Description: Controller discovery failed.
 The controller's location could not be determined automatically.
 .
 Ensure that the OpenFlow DHCP server is properly configured.  See
 ovs-openflowd(8) for instructions on how to configure a DHCP server for
 controller discovery.

Template: openvswitch-switch/discovery-success
Type: boolean
Default: true
_Description: Use discovered settings?
 Controller discovery obtained the following settings:
 .
 Controller location: ${controller-vconn}
 .
 PKI URL: ${pki-uri}
 .
 Please verify that these settings are correct.

Template: openvswitch-switch/switch-ip
Type: string
Default: dhcp
_Description: Switch IP address:
 For in-band communication with the controller, the Open vSwitch instance 
 must be able to determine its own IP address.  Its IP address may be 
 configured statically or dynamically.
 .
 For static configuration, specify the switch's IP address as a string.
 .
 For dynamic configuration with DHCP (the most common case), specify "dhcp".
 Configuration with DHCP will only work reliably if the network topology
 allows the switch to contact the DHCP server before it connects to the
 OpenFlow controller.

Template: openvswitch-switch/switch-ip-error
Type: error
_Description: The switch IP address is invalid.
 The switch IP address must specified as "dhcp" or a valid IP address in
 dotted-octet form (e.g. "1.2.3.4").

Template: openvswitch-switch/controller-vconn
Type: string
_Description: Controller location:
 Specify how Open vSwitch should connect to the OpenFlow controller.  The 
 value should be in form "ssl:IP[:PORT]" to connect to the controller
 over SSL (recommended for security) or "tcp:IP[:PORT]" to connect over
 cleartext TCP.

Template: openvswitch-switch/controller-vconn-error
Type: error
_Description: The controller location is invalid.
 The controller location must be specifed as "ssl:IP[:PORT]" to
 connect to the controller over SSL (recommended for security) or
 "tcp:IP[:PORT]" to connect over cleartext TCP.

Template: openvswitch-switch/pki-uri
Type: string
_Description: Open vSwitch PKI server host name or URL:
 Specify a URL to the Open vSwitch public key infrastructure (PKI).  If a
 host name or IP address is specified in place of a URL, then
 http://<host>/openvswitch/pki/ will be used,
 where <host> is the specified host name or IP address.
 .
 The Open vSwitch PKI is usually on the same machine as the OpenFlow
 controller.
 .
 The setup process will connect to the Open vSwitch PKI server over
 HTTP, using the system's configured default HTTP proxy (if any).

Template: openvswitch-switch/fetch-cacert-failed
Type: error
_Description: The switch CA certificate could not be retrieved.
 Retrieval of ${url} failed, with the following status: "${error}".
 .
 Ensure that the Open vSwitch PKI server is correctly configured and
 available at ${pki-uri}.  If the system is configured to use an HTTP
 proxy, also make sure that the HTTP proxy is available and that the
 PKI server can be reached through it.

Template: openvswitch-switch/verify-controller-ca
Type: boolean
Default: true
_Description: Is ${fingerprint} the controller CA's fingerprint?
 If a man-in-the-middle attack is possible in your network
 environment, check that the controller CA's fingerprint is really
 ${fingerprint}.  Answer "true" if it matches, "false" if
 there is a discrepancy.
 .
 If a man-in-the-middle attack is not a concern, there is no need to
 verify the fingerprint.  Simply answer "true".

Template: openvswitch-switch/send-cert-req
Type: boolean
Default: true
_Description: Send certificate request to switch CA?
 Before it can connect to the controller over SSL, the Open vSwitch's
 key must be signed by the switch certificate authority (CA) located 
 on the Open vSwitch PKI server, which is usually collocated with
 the OpenFlow controller.  A signing request can be sent to the PKI
 server now.
 .
 Answer "true" to send a signing request to the switch CA now.  This is
 ordinarily the correct choice.  There is no harm in sending a given
 signing request more than once.
 .
 Answer "false" to skip sending a signing request to the switch CA.
 Unless the request has already been sent to the switch CA, manual
 sending of the request and signing will be necessary.

Template: openvswitch-switch/send-cert-req-failed
Type: error
_Description: The certificate request could not be sent.
 Posting to ${url} failed, with the following status: "${error}".
 .
 Ensure that the Open vSwitch PKI server is correctly configured and
 available at ${pki-uri}.

Template: openvswitch-switch/fetch-switch-cert
Type: boolean
_Description: Fetch signed switch certificate from PKI server?
 Before it can connect to the controller over SSL, the Open vSwitch's
 key must be signed by the switch certificate authority (CA) located 
 on the Open vSwitch PKI server, which is usually collocated with the 
 OpenFlow controller.
 .
 At this point, a signing request has been sent to the switch CA (or
 sending a request has been manually skipped), but the signed
 certificate has not yet been retrieved.  Manual action may need to be
 taken at the PKI server to approve the signing request.
 .
 Answer "true" to attempt to retrieve the signed switch certificate
 from the switch CA.  If the switch certificate request has been
 signed at the PKI server, this is the correct choice.
 .
 Answer "false" to postpone switch configuration.  The configuration
 process must be restarted later, when the switch certificate request
 has been signed.

Template: openvswitch-switch/fetch-switch-cert-failed
Type: error
_Description: Signed switch certificate could not be retrieved.
 The signed switch certificate could not be retrieved from the switch
 CA: retrieval of ${url} failed, with the following status: "${error}".
 .
 This probably indicates that the switch's certificate request has not
 yet been signed.  If this is the problem, it may be fixed by signing
 the certificate request at ${pki-uri}, then trying to fetch the
 signed switch certificate again.

Template: openvswitch-switch/complete
Type: note
_Description: Open vSwitch Setup Finished
 Setup of this Open vSwitch instance is finished.  Complete the setup 
 procedure to enable the switch.