Configuring a controller team

In the HP VAN SDN Controller, teaming is configured using the REST API. This section describes configuring a controller team using cURL commands.

Team authentication is managed with iptables. The team communication channel is not encrypted. If you deploy the team in a highly secure environment, you can always use standard Linux IPSec functionality to encrypt traffic between the team members.

Team configuration prerequisites

  1. Install and start three standalone controllers in the network. (See the latest HP VAN SDN Controller Installation Guide.)

  2. Optional: To improve security, you can change the username and password from the default settings on each of the standalone controllers in step 1.

  3. Select any one of the controllers to use for configuring the team.

  4. On the selected controller, acquire an Authentication Token. Use the following cURL command, with the controller IP address, to acquire the token:

    curl --noproxy controller_ip -X POST --fail -ksSfL --url "https://controller_ip:8443/sdn/v2.0/auth" -H "Content-Type: application/json" --data-binary '{"login": {"domain": "domain","user": "user","password": "password"}}'


    NOTE: The default domain and user settings are sdn. The default password setting is skyline.

    Examples of cURL commands in this guide use the --noproxy option, which is appropriate where execution of cURL commands does not need a proxy to access controllers. If your network is set up such that a proxy is needed to access controllers, use the --proxy option. For details on cURL proxy options, visit http://curl.haxx.se/docs/manpage.html.



    CAUTION: Credential information (user name, password, domain, and authentication tokens) used in cURL commands might be saved in the command history. For security reasons, HP recommends that you disable command history prior to executing commands containing credential information.


    For example, in a controller using the default domain, user name, and password, the following command generates the authentication token 1759f214479e4ffd9504acb42123ef40:

    curl --noproxy 192.15.135.187 -X POST --fail -ksSfL \
    --url "https://192.15.135.187:8443/sdn/v2.0/auth" \
    -H "Content-Type: application/json" \
    --data-binary '{"login": {"domain": "sdn","user": "sdn","password": "skyline"}}'

    {"record":{"token":"1759f214479e4ffd9504acb42123ef40",
    "expiration":1381982391381982399000,"expirationDate":"2014-10-16 20-59-59 -0700",
    "userId":"b00cb0e94c9441d58011f980cf9635ae","userName":"sdn","domainId":
    "a6701f6593d84fa5b8f23f9ab4ed69db","domainName":"sdn"}}

  5. Determine the team configuration parameters:

    Parameter          Value

    Team IP Address    The team IP address is different from the individual controller IP addresses. It is used as a virtual address for connecting to the team leader.
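
One way to follow the CAUTION in step 4 without switching off command history, as an added example that is not HP's code: the password is read with echo off and sent to curl on stdin, so it appears in neither the history nor a process argument list. The function names are hypothetical; the endpoint, JSON shape and curl options are those shown in step 4.

```shell
#!/bin/sh
# Added example, not HP's code. Function names are hypothetical; the endpoint,
# JSON shape and curl options are the ones shown in step 4.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build the login body from domain, user and password.
build_login_json() {
  printf '{"login": {"domain": "%s","user": "%s","password": "%s"}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Read an auth response on stdin and print the value of "token".
extract_token() {
  sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Prompt for the password with echo off, then POST the body on curl's stdin.
# printf is a shell builtin, so the password never becomes a process argument.
# The body runs in a subshell, so the password variable does not outlive the call.
# -k is kept from the page's commands; it turns off certificate verification.
# Empty output means the request failed or returned no token.
acquire_token() (   # usage: token=$(acquire_token controller_ip domain user)
  trap 'stty echo 2>/dev/null' EXIT
  printf 'Password for %s: ' "$3" >&2
  stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
  build_login_json "$2" "$3" "$pw" |
    curl --noproxy "$1" -X POST -ksSfL --url "https://$1:8443/sdn/v2.0/auth" \
      -H "Content-Type: application/json" --data-binary @- | extract_token
)
```
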

Configuration procedure

  1. Select any active controller to initially configure the team.

  2. Enter the following cURL command:

    curl --noproxy member-ip --header "X-Auth-Token:auth_token" --fail -ksS --request POST --url https://ip-addr:8443/sdn/v2.0/team --data-binary '{"team":{"ip":"team-ip","members": [{"ip":"member-1-ip"}, {"ip":"member-2-ip"}, {"ip":"member-3-ip"}]}}'


    NOTE: The member-ip should be the IP address of the controller chosen to configure the team.


  3. After executing the command in step 2, the team elects a team leader. The team leader then configures all team members and normal controller operation begins in the domain. The team creation command returns before team creation is complete, so check the status of the system on each controller to verify that the team was successfully created.

Configuration example

This example shows a team of controllers configured with the following team member values:

Team IP Address: 192.0.2.100

Member IP Addresses: 192.0.2.119, 192.0.2.125, 192.0.2.127

Domain: sdn (the default domain name)

Username: myname

Password: mypass


NOTE: It is not mandatory that the team IP address be in the same subnet as the member IP addresses. Other IP aliases can be used if the appropriate IP routes are present for the addresses to be reachable and usable.

  1. Enter the following cURL command to acquire the authentication token:


    CAUTION: Credential information (user name, password, domain, and authentication tokens) used in cURL commands might be saved in the command history. For security reasons, HP recommends that you disable command history prior to executing commands containing credential information.


    curl --noproxy 192.0.2.119 -X POST --fail -ksSfL \
    --url "https://192.0.2.119:8443/sdn/v2.0/auth" \
    -H "Content-Type: application/json" \
    --data-binary '{"login": {"domain": "sdn","user": "myname","password": "mypass"}}'

    {"record":{"token":"10f728e477cb4612b07069f339d0ca29","expiration":
    1381119301000,"expirationDate":"2013-12-06 21-15-01-0700",
    "userId":"51802e12d16345fe9a4389290c1a04e2","username":"sdn","domainId":
    "d45eca9bde1b4dc78bd7dff69ee9440d","domainName":"sdn"}}

  2. Configure the controller team by using the above team values and token to enter the following cURL command:


    NOTE: The IP address used in this step should be the same as used in step 1.


    curl --noproxy 192.0.2.119 \
    --header "X-Auth-Token: 10f728e477cb4612b07069f339d0ca29" \
    --fail -ksS --request POST \
    --url https://192.0.2.119:8443/sdn/v2.0/team \
    --data-binary '{"team":{"ip":"192.0.2.100","members":
    [{"ip":"192.0.2.119"},
    {"ip":"192.0.2.125"},
    {"ip":"192.0.2.127"}]}}'

    Completing the above steps creates and enables the team.

    Possible responses

    Since team creation is asynchronous, the response is always 202 unless the team configuration (JSON) is not valid or there is a problem configuring the local controller. Possible codes are:

    202 Accepted
    400 Bad request
    401 Unauthorized
    503 Service unavailable

    If the team is not created in a quorum, or if the team is only partially created, an alert is posted.

    Example of the alert description for team partially created

    "Team partially created: [Successes: 192.168.1.1, 192.168.1.2], [Failures: 192.168.1.3]"

    The error for each failure is not part of the alert; however, an entry with these errors is added to the log files.

    Example of the alert description for team creation failed in a quorum

    "Team could not be created on a quorum"

    To fix the controllers where the create operation failed, the user will have to destroy the team and create it again.
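
The team request and the alert texts described above, as an added example that is not HP's code: the token travels in a header read from stdin, the HTTP status is captured so that 202, 400, 401 and 503 can be told apart, and an alert description is parsed for the members that failed. The function names are hypothetical, and because this page does not show how an alert is retrieved, the description is passed in as a string.

```shell
#!/bin/sh
# Added example, not HP's code. Function names are hypothetical; the endpoint,
# body shape and alert texts are the ones shown on this page.

# Build the team body in the shape used in the configuration example.
# Arguments are expected to be plain IP addresses and are not JSON-escaped.
build_team_json() (   # usage: build_team_json team_ip member_ip...
  team=$1; shift; members=
  for m in "$@"; do members="${members:+$members, }{\"ip\":\"$m\"}"; done
  printf '{"team":{"ip":"%s","members": [%s]}}' "$team" "$members"
)

# POST the team and print only the HTTP status code. The token is sent in a
# header read from stdin (-H @-, curl 7.55.0 or later) instead of in argv.
# --fail is left out so the status is also reported for 4xx and 5xx replies.
# -k is kept from the page's commands; it turns off certificate verification.
create_team() (   # usage: create_team controller_ip token team_ip member_ip...
  ip=$1; token=$2; shift 2
  printf 'X-Auth-Token: %s\n' "$token" |
    curl --noproxy "$ip" -ksS -o /dev/null -w '%{http_code}' --request POST \
      -H @- --url "https://$ip:8443/sdn/v2.0/team" \
      --data-binary "$(build_team_json "$@")"
)

# Classify an alert description: partial, no-quorum or other.
team_alert_kind() {
  case $1 in
    "Team partially created:"*)               echo partial ;;
    "Team could not be created on a quorum"*) echo no-quorum ;;
    *)                                        echo other ;;
  esac
}

# Print the members listed under Failures, one per line (nothing if none).
team_alert_failures() {
  printf '%s\n' "$1" |
    sed -n 's/.*\[Failures: \([^]]*\)].*/\1/p' | tr -d ' ' | tr ',' '\n'
}
```

A 202 from `create_team` only means the request was accepted; the members printed by `team_alert_failures` are the ones to inspect in the log files before destroying and re-creating the team.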