From 3f3294222c5b5487945d3ae69c294404d5eeb25c Mon Sep 17 00:00:00 2001
From: Justin Pettit
Date: Wed, 11 Mar 2009 17:09:21 -0700
Subject: [PATCH] Various fixes for SSL configruation and mgmt id generation.
To configure SSL options in vswitchd, one now uses the "mgmt.ssl" key prefix. This commit also fixes a problem where a management id would change part way through the startup. Also, documents how to configure mgmt in vswitch.conf.
---
 vswitchd/bridge.c | 10 +++++++--
 vswitchd/mgmt.c | 34 ++++++++++++++++------------
 vswitchd/vswitchd.conf.5 | 48 +++++++++++++++++++++++++++++++++++-----
 3 files changed, 71 insertions(+), 21 deletions(-)
diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index 56689b58..2eb6b4c8 100644
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -849,6 +849,7 @@ bridge_reconfigure_one(struct bridge *br)
 if (ctl) {
 const char *fail_mode;
+ int max_backoff, probe;
 if (!strcmp(ctl, "discover")) {
 ofproto_set_discovery(br->ofproto, true,
@@ -902,10 +903,15 @@ bridge_reconfigure_one(struct bridge *br)
 ofproto_set_failure(br->ofproto,
 fail_mode && (!strcmp(fail_mode, "standalone")
 || !strcmp(fail_mode, "open")));
+
+ probe = cfg_get_int(0, "%s.inactivity-probe", pfx);
 ofproto_set_probe_interval(br->ofproto,
- cfg_get_int(0, "%s.inactivity-probe", pfx));
+ probe ? probe : cfg_get_int(0, "mgmt.inactivity-probe"));
+
+ max_backoff = cfg_get_int(0, "%s.max-backoff", pfx);
 ofproto_set_max_backoff(br->ofproto,
- cfg_get_int(0, "%s.max-backoff", pfx));
+ max_backoff ? max_backoff : cfg_get_int(0, "mgmt.max-backoff"));
+
 ofproto_set_stp(br->ofproto, cfg_get_bool(0, "%s.stp", pfx));
 if (cfg_has("%s.commands.acl", pfx)) {
diff --git a/vswitchd/mgmt.c b/vswitchd/mgmt.c
index 4f7009cb..4a0de348 100644
--- a/vswitchd/mgmt.c
+++ b/vswitchd/mgmt.c
@@ -25,9 +25,12 @@
 *
 */
+#include
+
 #include
 #include
 #include
+#include
 #include "bridge.h"
 #include "cfg.h"
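Review bot: The fallbacks on the `probe ? probe :` and `max_backoff ? max_backoff :` lines pass the raw `mgmt.inactivity-probe` / `mgmt.max-backoff` values straight to ofproto, while mgmt_reconfigure in mgmt.c clamps the very same keys (values below 5 become INACTIVITY_PROBE_DEFAULT, and the context line `max_backoff = 3600;` shows a cap), so a single out-of-range setting is treated differently by the two consumers unless ofproto_set_probe_interval/ofproto_set_max_backoff clamp on their own, which is not visible here. Using 0 as the "unset" sentinel also means a bridge cannot explicitly set 0 to opt out of the mgmt-wide value, assuming cfg_get_int returns 0 for an absent key as the pattern suggests. The man-page hunk in this commit documents these two keys only under "Remote Management"; one sentence under "OpenFlow controller connectivity" saying that the per-bridge inactivity-probe and max-backoff keys fall back to the `mgmt.*` values when unset would keep the documentation in step with this code. bridge_reconfigure_one starts and ends outside the hunk, and the two added ternary lines run well past 79 columns.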
@@ -41,6 +44,7 @@
 #include "rconn.h"
 #include "svec.h"
 #include "vconn.h"
+#include "vconn-ssl.h"
 #include "vswitchd.h"
 #include "xtoxll.h"
@@ -48,7 +52,7 @@
 #include "vlog.h"
 #define MAX_BACKOFF_DEFAULT 15
-#define PROBE_INTERVAL_DEFAULT 15
+#define INACTIVITY_PROBE_DEFAULT 15
 static struct svec mgmt_cfg;
 static uint8_t cfg_cookie[CFG_COOKIE_LEN];
@@ -105,17 +109,17 @@ bridge_configure_ssl(void)
 static char *certificate_file;
 static char *cacert_file;
- if (config_string_change("ssl.private-key", &private_key_file)) {
+ if (config_string_change("mgmt.ssl.private-key", &private_key_file)) {
 vconn_ssl_set_private_key_file(private_key_file);
 }
- if (config_string_change("ssl.certificate", &certificate_file)) {
+ if (config_string_change("mgmt.ssl.certificate", &certificate_file)) {
 vconn_ssl_set_certificate_file(certificate_file);
 }
- if (config_string_change("ssl.ca-cert", &cacert_file)) {
+ if (config_string_change("mgmt.ssl.ca-cert", &cacert_file)) {
 vconn_ssl_set_ca_cert_file(cacert_file,
- cfg_get_bool(0, "ssl.bootstrap-ca-cert"));
+ cfg_get_bool(0, "mgmt.ssl.bootstrap-ca-cert"));
 }
 }
 #endif
@@ -128,7 +132,7 @@ mgmt_reconfigure(void)
 bool cfg_updated = false;
 const char *controller_name;
 int max_backoff;
- int probe_interval;
+ int inactivity_probe;
 int retval;
 if (!cfg_has_section("mgmt")) {
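Review bot: Renaming the keys to `mgmt.ssl.*` in bridge_configure_ssl leaves no fallback and no warning for a configuration that still sets `ssl.private-key`, `ssl.certificate` and `ssl.ca-cert`; after an upgrade those keys are silently ignored and the key, certificate and CA certificate are never handed to the vconn_ssl_set_* setters, so the SSL management connection fails (or, if config_string_change reports a change when the new key is absent, the setters run with whatever it leaves in the static pointer — worth confirming). A cheap way to surface the misconfiguration is a one-time check of the old section in this function, e.g. `if (cfg_has_section("ssl")) { VLOG_WARN("ssl.* keys are obsolete; use mgmt.ssl.*"); }` via the already-included vlog.h, or accepting the legacy key as a fallback for one release. The function's header and its enclosing #ifdef are outside the hunk; while its keys are being touched, the name bridge_configure_ssl for a static function in mgmt.c reads as a copy-paste leftover and mgmt_configure_ssl would match the file.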
@@ -177,18 +181,20 @@ mgmt_reconfigure(void)
 max_backoff = 3600;
 }
- probe_interval = cfg_get_int(0, "mgmt.probe-interval");
- if (probe_interval < 5) {
- probe_interval = MAX_BACKOFF_DEFAULT;
+ inactivity_probe = cfg_get_int(0, "mgmt.inactivity-probe");
+ if (inactivity_probe < 5) {
+ inactivity_probe = INACTIVITY_PROBE_DEFAULT;
 }
 /* xxx If this changes, we need to restart bridges to use new id,
 * xxx but they need the id before the connect to controller, but we
 * xxx need their dpids. */
- mgmt_id = cfg_get_mac(0, "mgmt.id");
- if (!mgmt_id) {
- /* Randomly generate a mgmt id */
- mgmt_id = pick_fallback_mgmt_id();
+ /* Check if a different mgmt id has been assigned. */
+ if (cfg_has("mgmt.id")) {
+ uint64_t cfg_mgmt_id = cfg_get_mac(0, "mgmt.id");
+ if (cfg_mgmt_id != mgmt_id) {
+ mgmt_id = cfg_mgmt_id;
+ }
 }
 svec_swap(&new_cfg, &mgmt_cfg);
@@ -203,7 +209,7 @@ mgmt_reconfigure(void)
 rconn_destroy(mgmt_rconn);
 mgmt_rconn = NULL;
 }
- mgmt_rconn = rconn_create(probe_interval, max_backoff);
+ mgmt_rconn = rconn_create(inactivity_probe, max_backoff);
 if (controller_name) {
 retval = rconn_connect(mgmt_rconn, controller_name);
 if (retval == EAFNOSUPPORT) {
diff --git a/vswitchd/vswitchd.conf.5 b/vswitchd/vswitchd.conf.5
index 00c5c378..92c16e19 100644
--- a/vswitchd/vswitchd.conf.5
+++ b/vswitchd/vswitchd.conf.5
@@ -57,7 +57,7 @@ Blank lines, lines that consist only of white space, and lines that begin with \fB#\fR (optionally preceded by white space) are ignored.
 .PP
 The following subsections describe how key-value pairs are used to
-configure \fBswitchd\fR.
+configure \fBvswitchd\fR.
 .SS "Bridge Configuration"
 A bridge (switch) with a given \fIname\fR is configured by specifying the names of its network devices as values for key
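Review bot: The new `if (cfg_has("mgmt.id"))` block drops the zero check that the removed `if (!mgmt_id)` provided: if cfg_get_mac yields 0 for a malformed `mgmt.id` value (the old code treated 0 as "no id"), the switch now adopts id 0 in place of the id it already had, so the assignment should stay guarded, e.g. `if (cfg_mgmt_id && cfg_mgmt_id != mgmt_id) { mgmt_id = cfg_mgmt_id; }`. The inner comparison currently changes nothing, since assigning an equal value is a no-op; either the `xxx` comment above is acted on at this point (it is where bridges would have to be told about a new id) or the comparison should go, because as written it implies handling that does not exist. Where the random fallback is now generated is not visible in this hunk; if pick_fallback_mgmt_id moved to initialisation, a comment such as `/* mgmt_id is seeded at init; a configured mgmt.id only overrides it. */` would save the next reader from hunting for it. mgmt_reconfigure begins and ends outside the hunk.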
@@ -364,13 +364,51 @@ collector \fBnflow.example.com\fR on UDP port \fB9995\fR:
 [netflow "mybr"]
 host = nflow.example.com:9995
+.fi
+.RE
+.SS "Remote Management"
+A \fBvswitchd\fR instance may be remotely managed by a controller that
+supports the OpenFlow Management Protocol, such as NOX. This
+functionality is enabled by setting \fBmgmt.controller\fR to one of the
+following forms:
+.
+.TP
+\fBssl:\fIhost\fR[\fB:\fIport\fR]
+The specified SSL \fIport\fR (default: 6633) on the given remote
+\fIhost\fR. The \fBmgmt.ssl.private-key\fR, \fBmgmt.ssl.certificate\fR,
+and \fBmgmt.ssl.ca-cert\fR keys must be set appropriately. If the
+\fBmgmt.ssl.bootstrap-ca-cert\fR key is set to "true", then
+\fBvswitchd\fR will attempt to obtain the CA certificate from the
+controller.
+.
+.TP
+\fBtcp:\fIhost\fR[\fB:\fIport\fR]
+The specified TCP \fIport\fR (default: 6633) on the given remote
+\fIhost\fR.
+.PP
+The maximum time between attempts to connect to the controller may be
+specified in integral seconds with the \fBmgmt.max-backoff\fR key. The
+default maximum backoff is 15 seconds, and the minimum value is 1
+second.
+
+An inactivity probe may be configured with the \fBmgmt.inactivity-probe\fR
+key. If \fBvswitchd\fR does not communicate with the controller for the
+specified number of seconds, it will send a probe. If a response is not
+received for an additional amount of that time, \fBvswitchd\fR assumes
+the connection has been broken and attempts to reconnect. The default
+is 15 seconds, and the minimum value is 5 seconds.
+
+A management id may be specified with the \fBmgmt.id\fR key. It takes
+an id in the form of a MAC address. If one is not specified, a random
+id is generated each time \fBvswitchd\fR is started.
 .fi
 .RE
 .SS "OpenFlow controller connectivity"
-By default, \fBvswitchd\fR performs all configured bridging and
-switching locally.
It can also be configured to connect a given
-bridge to an external OpenFlow controller, such as NOX, by setting
-\fBbridge.\fIname\fB.controller\fR to one of the following forms:
+If a remote manager is not configured, \fBvswitchd\fR will perform
+all configured bridging and switching locally. It can also be configured
+to connect a given bridge to an external OpenFlow controller, such as
+NOX, by setting \fBbridge.\fIname\fB.controller\fR to one of the
+following forms:
 .
 .TP
 \fBdiscover\fR
--
2.30.2