ONOS on CentOS7

This post documents how to set up a single ONOS controller.

Environment

OS: CentOS7 x86_64
Network: 192.168.59.202
Account: root

Prepare

yum install -y wget net-tools

Firewalld setting

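systemctl start firewalld
firewall-cmd --zone=public --add-port=8181/tcp --permanent
firewall-cmd --zone=public --add-port=6633/tcp --permanent
# --permanent only writes the saved configuration; reload to apply it to the running firewall
firewall-cmd --reload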
  • Port 8181: ONOS Web server listen port
  • Port 6633: OpenFlow control plane listen port
  • Use firewall-cmd --zone=public --list-all to check the state of the ports

Download ONOS Source

cd ~/
git clone https://gerrit.onosproject.org/onos

Make directory

cd ~ && mkdir Downloads Applications
cd Downloads
  • These directories are required; they are used in later steps

Install JAVA 8

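# --no-check-certificate turns off TLS certificate validation for this download; check the RPM's checksum before installing it
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u45-b14/jdk-8u45-linux-x64.rpm"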
rpm -ivh jdk-8u45-linux-x64.rpm

Download Karaf & Maven

wget http://archive.apache.org/dist/karaf/3.0.5/apache-karaf-3.0.5.tar.gz
wget https://archive.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
tar -zxvf apache-karaf-3.0.5.tar.gz -C ../Applications/
tar -zxvf apache-maven-3.3.9-bin.tar.gz -C ../Applications/
  • Changing these versions yourself is not recommended, because of dependency issues

bashrc setting

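# Quote the delimiter so $ONOS_ROOT is written to .bashrc literally instead of being expanded (still empty) right now
cat >> ~/.bashrc << 'EOF'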
export ONOS_ROOT=~/onos
source $ONOS_ROOT/tools/dev/bash_profile
export JAVA_HOME=/usr/java/jdk1.8.0_45/
export JRE_HOME=/usr/java/jdk1.8.0_45/jre/
export KARAF_ROOT=/root/Applications/apache-karaf-3.0.5
export M2_HOME=/root/Applications/apache-maven-3.3.9
export ONOS_USER=root
export ONOS_GROUP=root
export ONOS_CELL=sdnds-tw
EOF
source ~/.bashrc

Build ONOS

Compile ONOS

cd ~/onos
mvn clean install

Create a cell definition

cat >> ~/onos/tools/test/cells/sdnds-tw << EOF
# ONOS from Scratch tutorial cell
# Cell name
export ONOS_CELL=sdnds-tw
# the address of the VM to install the package onto
export OC1="192.168.59.202"
# the default address used by ONOS utilities when none are supplied
export OCI="192.168.59.202"
# the ONOS apps to load at startup
export ONOS_APPS="drivers,openflow,fwd,proxyarp,mobility"
# the Mininet VM (if you have one)
export OCN="192.168.59.202"
# pattern to specify which address to use for inter-ONOS node communication (not used with single-instance core)
export ONOS_NIC="192.168.59.*"
# User
export ONOS_USER=root
export ONOS_GROUP=root
EOF
cell sdnds-tw

Run ONOS

onos-setup-karaf clean 192.168.59.202
karaf clean
  • ok clean does the same thing

Open Web GUI

http://192.168.59.202:8181/onos/ui/index.html


PKI Lab$2 Create Multiple domain (UCC) SSL Certificate

This lab uses easy-rsa to build the PKI CA. A Root CA is required first; see [PKI Lab$1 Create Root CA](http://blog.pichuang.com.tw/pki-lab-1-create-root-ca/) for how to create one.

Step by Step

  • Setting vars for Root CA

    export KEY_SIZE=2048
    export CA_EXPIRE=365
    export KEY_EXPIRE=365
    export KEY_COUNTRY="TW"
    export KEY_PROVINCE="Taiwan"
    export KEY_CITY="HsinChu"
    export KEY_ORG="Night9 Studios"
    export KEY_EMAIL="www@night9.cc"
    export KEY_OU="www.night9.cc"
    export KEY_NAME=""
    export KEY_CN="*.night9.cc"

    • [Source](https://github.com/pichuang/easy-rsa/blob/ucc/vars)
    • The key setting is KEY_CN: this value matches www.night9.cc and roan.night9.cc, but it does not match night9.cc

  • Create UCC Key

    source ./vars
    ./build-key-server '*.night9.cc'
    \…\

  • Check Root CA key and crt

    ls -la ./keys/*.night9.cc.{key,crt}

    • It is recommended to rename the *.night9.cc files
  • Check *.night9.cc crt Info

    openssl x509 -in *.night9.crt -text -noout

  • Show
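
The wildcard rule behind the KEY_CN note above, as an added example (not from the original post or from easy-rsa): a POSIX shell function, wildcard_matches (a name chosen here), applied to a constructed host list. It goes one step beyond the post by also testing a nested name, a.b.night9.cc, which a single "*" does not cover.

```shell
#!/bin/sh
# Added example: which host names a wildcard CN such as *.night9.cc covers.
# Function names and the host list are assumptions made for this example.

# wildcard_matches PATTERN HOST -> exit status 0 if HOST is covered by PATTERN
wildcard_matches() {
    wm_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')    # DNS names are case-insensitive
    wm_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$wm_pat" in
        '*.'*)
            wm_suffix=${wm_pat#\*}                 # "*.night9.cc" -> ".night9.cc"
            case "$wm_host" in
                *"$wm_suffix") ;;                  # host must end with the suffix
                *) return 1 ;;
            esac
            wm_label=${wm_host%"$wm_suffix"}       # the part "*" has to stand for
            # "*" stands for exactly one non-empty label, so no dots inside it
            case "$wm_label" in
                ''|*.*) return 1 ;;
            esac
            return 0
            ;;
        *)
            [ "$wm_pat" = "$wm_host" ]             # no wildcard: exact match only
            ;;
    esac
}

# report PATTERN HOST... -> prints "HOST: match" or "HOST: NO match" per host
report() {
    cn=$1; shift
    for h in "$@"; do
        if wildcard_matches "$cn" "$h"; then
            echo "$h: match"
        else
            echo "$h: NO match"
        fi
    done
}

# Constructed host list; the first three are the names discussed in the post.
report '*.night9.cc' www.night9.cc roan.night9.cc night9.cc a.b.night9.cc
```

To run the same kind of check against an issued certificate file, openssl x509 -in FILE -noout -checkhost HOST reports whether the name matches.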


PKI Lab$1 Create Root CA

This lab uses easy-rsa to build the PKI CA.

Step by Step

  • Setting vars for Root CA

    export KEY_SIZE=2048
    export CA_EXPIRE=3650
    export KEY_EXPIRE=3650
    export KEY_COUNTRY="TW"
    export KEY_PROVINCE="Taiwan"
    export KEY_CITY="HsinChu"
    export KEY_ORG="Night9 Studios"
    export KEY_EMAIL="root@night9.cc"
    export KEY_OU="www.night9.cc"
    export KEY_NAME=""
    export KEY_CN="Night9 Local Authority Root CA"

    • [Source](https://github.com/pichuang/easy-rsa/blob/root_ca/vars)
    • The values above follow the way many existing Root CAs are written, especially KEY_CN and KEY_NAME

  • Set CA_EXPIRE and KEY_EXPIRE to a long period; if they are too short, every key issued under the Root CA has to be re-signed as soon as the Root CA expires
  • Create Root CA

    source ./vars
    ./build-ca
    \…\

  • Check Root CA key and crt

    ls -la ./keys/ca.{key,crt}

  • Check Root CA crt Info

    openssl x509 -in ca.crt -text -noout

  • Show

    • Because the Root CA is already at the top of the hierarchy, nobody else can vouch for it, so it can only sign itself
