In the HP VAN SDN Controller, teaming is configured using the REST API. This section describes configuring a controller team using cURL commands.
Team authentication is managed with iptables. The team communication channel is not encrypted. If you deploy the team in a highly secure environment, you can always use standard Linux IPSec functionality to encrypt traffic between the team members.
Install and start three standalone controllers in the network. (See the latest HP VAN SDN Controller Installation Guide.)
Optional: To improve security, you can change the username and password from the default settings on each of the standalone controllers in step 1.
Select any one of the controllers to use for configuring the team.
On the selected controller, acquire an Authentication Token. Use the following cURL command, with the controller IP address, to acquire the token:
curl --noproxy controller_ip
-X POST --fail -ksSfL --url "https://controller_ip
:8443/sdn/v2.0/auth" -H "Content-Type: application/json" --data-binary '{"login": {"domain": "domain
","user": "user
","password": "password
"}}'
NOTE: The default domain and user settings are Examples of cURL commands in this guide use the | |
CAUTION: Credential information (user name, password, domain, and authentication tokens) used in cURL commands might be saved in the command history. For security reasons, HP recommends that you disable command history prior to executing commands containing credential information. | |
For example, in a controller using the default domain, user name, and password, the following command generates the authentication token 1759f214479e4ffd9504acb42123ef40:
curl --noproxy 192.15.135.187 -X POST --fail -ksSfL --url "https://192.15.135.187:8443/sdn/v2.0/auth" -H "Content-Type: application/json" --data-binary '{"login": {"domain": "sdn","user": "sdn","password": "skyline"}}' {"record":{"token":"1759f214479e4ffd9504acb42123ef40", "expiration":1381982391381982399000,"expirationDate":"2014-10-16 20-59-59 -0700", "userId":"b00cb0e94c9441d58011f980cf9635ae","userName":"sdn","domainId": "a6701f6593d84fa5b8f23f9ab4ed69db","domainName":"sdn"}}
Select any active controller to initially configure the team.
Enter the following cURL command:
curl --noproxy member-ip
--header X-Auth-Token:auth_token
--fail -ksS --request POST --url https://ip-addr
:8443/sdn/v2.0/team --data-binary '{"ip":"team-ip
","members": [{"ip":"member-1-ip
"}, {"ip":"member-2-ip
"}, {"ip":"member-3-ip
"}]}}'
NOTE: The | |
After executing the command in step 2, the team elects a team leader. The team leader then configures all team members and normal controller operation begins in the domain. The team creation command does not block until the team creation is complete. You will need to check the status of the system to verify on each controller that the team was successfully created.
Configuration example
This example shows a team of controllers configured with the following team member values:
Domain: sdn
(the default domain name)