Template: openvswitch-switch/netdevs Type: multiselect _Choices: ${choices} _Description: OpenFlow switch network devices: Choose the network devices that should become part of the OpenFlow switch. At least two devices must be selected for this machine to be a useful switch. Unselecting all network devices will disable the OpenFlow switch entirely. . The network devices that you select should not be configured with IP or IPv6 addresses, even if the switch contacts the controller over one of the selected network devices. This is because a running OpenFlow switch takes over network devices at a low level: they become part of the switch and cannot be used for other purposes. Template: openvswitch-switch/no-netdevs Type: error _Description: No network devices were selected. No network devices were selected for inclusion in the OpenFlow switch. The switch will be disabled. Template: openvswitch-switch/configured-netdevs Type: note _Description: Some Network Devices Have IP or IPv6 Addresses The following network devices selected to be part of the OpenFlow switch have IP or IPv6 addresses configured: . ${configured-netdevs} . This is usually a mistake, even if the switch contacts the controller over one of the selected network devices. This is because a running OpenFlow switch takes over network devices at a low level: they become part of the switch and cannot be used for other purposes. . If this is an unintentional mistake, move back and fix the selection, or de-configure the IP or IPv6 from these network devices. Template: openvswitch-switch/mode Type: select _Choices: discovery, in-band, out-of-band Default: discovery _Description: Switch-to-controller access method: The OpenFlow switch must be able to contact the OpenFlow controller over the network. It can do so in one of three ways: . discovery: A single network is used for OpenFlow traffic and other data traffic; that is, the switch contacts the controller over one of the network devices selected as OpenFlow switch network devices in the previous question. The switch automatically determines the location of the controller using a DHCP request with an OpenFlow-specific vendor option. This is the most common case. . in-band: As above, but the location of the controller is manually configured. . out-of-band: OpenFlow traffic uses a network separate from the data traffic that it controls. If this is the case, the control network must already be configured on a network device other than one of those selected as an OpenFlow switch netdev in the previous question. Template: openvswitch-switch/discover Type: note _Description: Preparing to discover controller. The setup program will now attempt to discover the OpenFlow controller. Controller discovery may take up to 30 seconds. Please be patient. . See ovs-openflowd(8) for instructions on how to configure a DHCP server for controller discovery. Template: openvswitch-switch/discovery-failure Type: error _Description: Controller discovery failed. The controller's location could not be determined automatically. . Ensure that the OpenFlow DHCP server is properly configured. See ovs-openflowd(8) for instructions on how to configure a DHCP server for controller discovery. Template: openvswitch-switch/discovery-success Type: boolean Default: true _Description: Use discovered settings? Controller discovery obtained the following settings: . Controller location: ${controller-vconn} . PKI URL: ${pki-uri} . Please verify that these settings are correct. Template: openvswitch-switch/switch-ip Type: string Default: dhcp _Description: Switch IP address: For in-band communication with the controller, the OpenFlow switch must be able to determine its own IP address. Its IP address may be configured statically or dynamically. . For static configuration, specify the switch's IP address as a string. . For dynamic configuration with DHCP (the most common case), specify "dhcp". Configuration with DHCP will only work reliably if the network topology allows the switch to contact the DHCP server before it connects to the OpenFlow controller. Template: openvswitch-switch/switch-ip-error Type: error _Description: The switch IP address is invalid. The switch IP address must specified as "dhcp" or a valid IP address in dotted-octet form (e.g. "1.2.3.4"). Template: openvswitch-switch/controller-vconn Type: string _Description: Controller location: Specify how the OpenFlow switch should connect to the OpenFlow controller. The value should be in form "ssl:IP[:PORT]" to connect to the controller over SSL (recommended for security) or "tcp:IP[:PORT]" to connect over cleartext TCP. Template: openvswitch-switch/controller-vconn-error Type: error _Description: The controller location is invalid. The controller location must be specifed as "ssl:IP[:PORT]" to connect to the controller over SSL (recommended for security) or "tcp:IP[:PORT]" to connect over cleartext TCP. Template: openvswitch-switch/pki-uri Type: string _Description: OpenFlow PKI server host name or URL: Specify a URL to the OpenFlow public key infrastructure (PKI). If a host name or IP address is specified in place of a URL, then http:///openvswitch/pki/ will be used, where is the specified host name or IP address. . The OpenFlow PKI is usually on the same machine as the OpenFlow controller. . The setup process will connect to the OpenFlow PKI server over HTTP, using the system's configured default HTTP proxy (if any). Template: openvswitch-switch/fetch-cacert-failed Type: error _Description: The switch CA certificate could not be retrieved. Retrieval of ${url} failed, with the following status: "${error}". . Ensure that the OpenFlow PKI server is correctly configured and available at ${pki-uri}. If the system is configured to use an HTTP proxy, also make sure that the HTTP proxy is available and that the PKI server can be reached through it. Template: openvswitch-switch/verify-controller-ca Type: select _Choices: yes, no Default: yes _Description: Is ${fingerprint} the controller CA's fingerprint? If a man-in-the-middle attack is possible in your network environment, check that the controller CA's fingerprint is really ${fingerprint}. Answer "yes" if it matches, "no" if there is a discrepancy. . If a man-in-the-middle attack is not a concern, there is no need to verify the fingerprint. Simply answer "yes". Template: openvswitch-switch/send-cert-req Type: select _Choices: yes, no Default: yes _Description: Send certificate request to switch CA? Before it can connect to the controller over SSL, the OpenFlow switch's key must be signed by the switch certificate authority (CA) located on the OpenFlow PKI server, which is usually collocated with the OpenFlow controller. A signing request can be sent to the PKI server now. . Answer "yes" to send a signing request to the switch CA now. This is ordinarily the correct choice. There is no harm in sending a given signing request more than once. . Answer "no" to skip sending a signing request to the switch CA. Unless the request has already been sent to the switch CA, manual sending of the request and signing will be necessary. Template: openvswitch-switch/send-cert-req-failed Type: error _Description: The certificate request could not be sent. Posting to ${url} failed, with the following status: "${error}". . Ensure that the OpenFlow PKI server is correctly configured and available at ${pki-uri}. Template: openvswitch-switch/fetch-switch-cert Type: select _Choices: yes, no _Description: Fetch signed switch certificate from PKI server? Before it can connect to the controller over SSL, the OpenFlow switch's key must be signed by the switch certificate authority (CA) located on the OpenFlow PKI server, which is usually collocated with the OpenFlow controller. . At this point, a signing request has been sent to the switch CA (or sending a request has been manually skipped), but the signed certificate has not yet been retrieved. Manual action may need to be taken at the PKI server to approve the signing request. . Answer "yes" to attempt to retrieve the signed switch certificate from the switch CA. If the switch certificate request has been signed at the PKI server, this is the correct choice. . Answer "no" to postpone switch configuration. The configuration process must be restarted later, when the switch certificate request has been signed. Template: openvswitch-switch/fetch-switch-cert-failed Type: error _Description: Signed switch certificate could not be retrieved. The signed switch certificate could not be retrieved from the switch CA: retrieval of ${url} failed, with the following status: "${error}". . This probably indicates that the switch's certificate request has not yet been signed. If this is the problem, it may be fixed by signing the certificate request at ${pki-uri}, then trying to fetch the signed switch certificate again. Template: openvswitch-switch/complete Type: note _Description: OpenFlow Switch Setup Finished Setup of this OpenFlow switch is finished. Complete the setup procedure to enable the switch.