Links:
http://www.openvswitch.org/support/ovscon2016/8/1450-mysore.pdf
https://docs.faucet.nz/en/latest/installation.html
https://github.com/faucetsdn/faucet
https://gist.github.com/cyrenity/397c6baebdc20d9a9e377523f256620e
https://github.com/wandsdn/sc18-ansible
Installing faucet:
### https://docs.faucet.nz/en/latest/installation.html#faucet-apt-install
sudo apt-get install curl gnupg apt-transport-https lsb-release
echo "deb https://packagecloud.io/faucetsdn/faucet/$(lsb_release -si | awk '{print tolower($0)}')/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/faucet.list
sudo curl -1sLf https://packagecloud.io/faucetsdn/faucet/gpgkey -o /etc/apt/trusted.gpg.d/faucet.asc
sudo apt-get update
sudo apt-get install faucet-all-in-one
sudo apt-get install faucet
sudo apt-get install gauge
### Configuring Prometheus
vim /etc/default/prometheus
---------------------------
...
ARGS="--config.file=/etc/faucet/prometheus/prometheus.yml"
...
---------------------------
systemctl restart prometheus.service
### Configuring Grafana
sudo systemctl daemon-reload
sudo systemctl enable grafana-server
sudo systemctl start grafana-server
First, open http://localhost:3000 in your web browser (by default both the username and the password are admin).
The web interface will first prompt us to add a data source.
Use the following settings:
Name: Prometheus
Type: Prometheus
URL: http://localhost:9090
Click: Save & Test
Next we want to add some dashboards so that we can later view the metrics from faucet.
Hover over the + button on the left sidebar in the web interface and click Import:
https://docs.faucet.nz/en/latest/_static/grafana-dashboards/faucet_instrumentation.json
https://docs.faucet.nz/en/latest/_static/grafana-dashboards/faucet_inventory.json
https://docs.faucet.nz/en/latest/_static/grafana-dashboards/faucet_port_statistics.json
Configuring the faucet server:
### https://docs.faucet.nz/en/latest/tutorials/first_time.html
### https://docs.faucet.nz/en/latest/configuration.html#configuration-options
Prepare the faucet config:
vim /etc/faucet/faucet.yaml
----------------------
---
include:
  - acls.yaml
vlans:
  office:
    vid: 100
    description: "office network"
    acls_in: [office-vlan-protect]
dps:
  sw0:
    dp_id: 0x4
    hardware: "Open vSwitch"
    interfaces:
      5:
        name: "5"
        description: "in5"
        native_vlan: office
      6:
        name: "6"
        description: "in6"
        native_vlan: office
  sw1:
    dp_id: 0x1
    hardware: "Open vSwitch"
    interfaces:
      2:
        name: "2"
        description: "in2"
        native_vlan: office
      3:
        name: "3"
        description: "in3"
        native_vlan: office
  sw2:
    dp_id: 0x2
    hardware: "Open vSwitch"
    interfaces:
      2:
        name: "2"
        description: "in2"
        native_vlan: office
      3:
        name: "3"
        description: "in3"
        native_vlan: office
  sw3:
    dp_id: 0x3
    hardware: "Open vSwitch"
    interfaces:
      6:
        name: "6"
        description: "in6"
        native_vlan: office
      7:
        name: "7"
        description: "in7"
        native_vlan: office
      8:
        name: "8"
        description: "in8"
        native_vlan: office
      9:
        name: "9"
        description: "in9"
        native_vlan: office
----------------------
vim /etc/faucet/acls.yaml
-------------------------
---
acls:
  office-vlan-protect:
    # Prevent IPv4 communication between Office/Guest networks
    - rule:
        actions:
          allow: 1 # allow (no match fields, so this rule matches all traffic)
-------------------------
Check the faucet config for errors:
check_faucet_config /etc/faucet/faucet.yaml
Logs:
tail /var/log/faucet/faucet.log
journalctl -u faucet.service
The /etc/faucet/gauge.yaml config is responsible for faucet monitoring (grafana and prometheus).
Configuring openvswitch on the clients:
### https://docs.faucet.nz/en/latest/vendors/ovs/faucet_testing_with_OVS_on_hardware.html?highlight=openvswitch#commands-on-open-vswitch
Install the packages:
apt-get install openvswitch-switch
systemctl status openvswitch-switch.service
Create the bridge and add ports:
ovs-vsctl add-br ovsbr0
ovs-vsctl add-port ovsbr0 ens3 -- set Interface ens3 ofport_request=1
ovs-vsctl add-port ovsbr0 ens4 -- set Interface ens4 ofport_request=2
ovs-vsctl add-port ovsbr0 ens5 -- set Interface ens5 ofport_request=3
ovs-vsctl add-port ovsbr0 ens6 -- set Interface ens6 ofport_request=4
ovs-vsctl set-fail-mode ovsbr0 secure
ovs-vsctl set bridge ovsbr0 protocols=OpenFlow13,OpenFlow10
ovs-vsctl set-controller ovsbr0 tcp:172.16.0.1:6636 tcp:172.16.0.1:6637
Get information about the client:
ovs-vsctl get bridge ovsbr0 datapath_id
ovs-vsctl show
Change the fail_mode setting:
ovs-vsctl set bridge ovsbr0 fail_mode=standalone
ovs-vsctl set bridge ovsbr0 fail_mode=secure
Clear the fail_mode setting:
ovs-vsctl clear bridge ovsbr0 fail_mode
Change the datapath_id (0x2 and 0x1):
ovs-vsctl set bridge ovsbr0 other-config:datapath-id=0000000000000001
ovs-vsctl set bridge ovsbr0 other-config:datapath-id=0000000000000002
Show information about the bridge and ports:
ovs-vsctl get Interface ens4 ofport_request
ovs-vsctl show
ovs-vsctl list port
ovs-vsctl list port ovsbr0
ovs-ofctl show ovsbr0
ovs-ofctl dump-tables ovsbr0
ovs-ofctl dump-flows ovsbr0
ovs-ofctl queue-get-config ovsbr0
ovs-vsctl get-controller ovsbr0
ovsdb-tool show-log
ovs-dpctl show
ovsdb-client dump
Reset ovs:
ovs-vsctl emer-reset
A successful connection looks like this:
#### Like this
# ovs-vsctl show
55432938-4f67-49b2-983e-bf0bb9f73336
    Bridge ovsbr0
        Controller "tcp:172.16.0.1:6637"
            is_connected: true
        Controller "tcp:172.16.0.1:6636"
            is_connected: true
### If not, check that the ports match
vim /etc/default/faucet
vim /etc/default/gauge
##
ss -tpln
## Logs:
tail /var/log/faucet/faucet.log
journalctl -u faucet.service
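
The connection check above can be scripted. This is an added example, not part of the original notes: it reads `ovs-vsctl show` text and reports every controller without `is_connected: true` and every bridge whose fail_mode is not secure (in standalone mode OVS falls back to ordinary MAC-learning switching when the controllers are unreachable, so the faucet ACLs stop applying). The function name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ovs-vsctl show` text read from stdin.
# Prints one line per finding and nothing when every bridge is healthy.
audit_ovs_show() {
    awk '
    # Report the previous controller if no "is_connected: true" followed it.
    function flush_ctrl() {
        if (ctrl != "" && !up) print bridge ": controller " ctrl " not connected"
        ctrl = ""; up = 0
    }
    # Close the current bridge; an unset fail_mode is flagged as well,
    # because it is not explicitly secure.
    function flush_bridge() {
        flush_ctrl()
        if (bridge != "" && mode != "secure")
            print bridge ": fail_mode is " (mode == "" ? "unset" : mode) " (expected secure)"
        bridge = ""; mode = ""
    }
    $1 == "Bridge"        { flush_bridge(); bridge = $2; gsub(/"/, "", bridge); next }
    $1 == "Controller"    { flush_ctrl(); ctrl = $2; gsub(/"/, "", ctrl); next }
    $1 == "Manager"       { flush_ctrl(); next }   # Manager rows also carry is_connected
    $1 == "is_connected:" { up = ($2 == "true"); next }
    $1 == "fail_mode:"    { mode = $2; next }
    END { flush_bridge() }
    '
}

# Constructed sample: one controller down and fail_mode left at standalone.
SAMPLE_BAD='55432938-4f67-49b2-983e-bf0bb9f73336
    Bridge ovsbr0
        Controller "tcp:172.16.0.1:6637"
            is_connected: true
        Controller "tcp:172.16.0.1:6636"
        fail_mode: standalone
        Port ens3
            Interface ens3'

# Constructed sample: the healthy state shown in the notes, plus fail_mode.
SAMPLE_OK='55432938-4f67-49b2-983e-bf0bb9f73336
    Bridge ovsbr0
        Controller "tcp:172.16.0.1:6637"
            is_connected: true
        Controller "tcp:172.16.0.1:6636"
            is_connected: true
        fail_mode: secure'

# On a live client: ovs-vsctl show | audit_ovs_show
printf '%s\n' "$SAMPLE_BAD" | audit_ovs_show
```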

