Issue installing latest VAN; possible postgreSQL error?

  • 1.  Issue installing latest VAN; possible postgreSQL error?

    Posted Apr 14, 2015 01:53 PM

     I'm trying to run HP VAN on Ubuntu 12.04, using VMware Fusion and giving the VM plenty of resources (8GB RAM, 4 cores).  The install appears to run to completion but I can't get to the GUI; the log shows some PSQL exceptions that might be the issue.

     

    All browsers fail to connect, reporting:

    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

     

    The port is not listening:

    brandonh@precise:~$ netstat -nl | grep 8843

     

    … and the log shows PostgreSQL errors, which might be the root cause of the breakage:

     

    sudo cat /var/log/sdn/virgo/logs/log.log | grep -i except

     

    [2015-04-14 10:31:22.320] INFO  System Bundle Shutdown       System.out                                                        [EL Info]: UnitOfWork(1494023401)--Communication failure detected when attempting to perform read query outside of a transaction. Attempting to retry query. Error was: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.1.v20130918-f2b9fc5): org.eclipse.persistence.exceptions.DatabaseException

    [2015-04-14 10:31:22.320] INFO  System Bundle Shutdown       System.out                                                        Internal Excepion: org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

     

    Full details of the commands I ran are at the bottom.  Anyone have any ideas?  Thanks in advance.

     

     

    #!/bin/bash

    # Install script for HP VAN on Ubuntu 12.04

    # Instructions from http://h20564.www2.hp.com/hpsc/doc/public/display?docId=c04495134

    # Make sure to transfer over the controller zip first:

    # # Transfer over VAN_SDN_Controller_2.4.6_hp-van-sdn-ctlr-2.4.6-x64.zip:

    # scp ~/Downloads/VAN_SDN_Controller_2.4.6_hp-van-sdn-ctlr-2.4.6-x64.zip precise:~/

    # Give it lots of resources (8 GB RAM, 4 cores); apparently it may not start up w/o enough.

    set -e

     

    # To address “failed to Fetch” issues during apt-get update:

    sudo rm -rf /var/lib/apt/lists/

     

    sudo apt-get -y update

    sudo apt-get install -y python-software-properties ubuntu-cloud-keyring

    sudo add-apt-repository -y cloud-archive:icehouse

    sudo apt-get -y update

    sudo apt-get install -y keystone

     

    sudo apt-get install -y unzip

    unzip VAN_SDN_Controller_2.4.6_hp-van-sdn-ctlr-2.4.6-x64.zip

    sudo dpkg --unpack hp-sdn-ctl_2.4.6.0627_amd64.deb

     

    sudo apt-get install -f -y

     

    sudo dpkg -l hp-sdn-ctl | grep ii

    sudo service sdnc start

    sleep 60

     

    sudo service sdnc status | grep running

     

    # Workaround to update python for config_local_keystone script to work:

    # See

    # Suggestion to run 'sudo apt-get update' after adding icehouse repo:

    # http://h30499.www3.hp.com/t5/SDN-Discussions/Local-keystone-credential-script-fails-with-2-4-3-0595/td-p/6669102#.VS1JoxPF9L4

    sudo apt-get upgrade

     

    # Proxy setup:

    # Is this needed?

    unset https_proxy http_proxy

    sudo /opt/sdn/admin/config_local_keystone

     

    # Try connection, in browser:

    # https://172.16.49.133:8443/sdn/ui/

    # DOES NOT WORK

    # Or locally:

    # https://127.0.0.1:8443/sdn/ui/

     

     

     



  • 2.  RE: Issue installing latest VAN; possible postgreSQL error?

    Posted Apr 15, 2015 05:50 PM

    I tried out version 2.4.3 as well, and saw the same error.

     

    If you'd like to try it out, I've posted a script here as a gist:

    https://gist.github.com/brandonheller/5192dbe6da1a6c77ce12

     

    Thanks!



  • 3.  RE: Issue installing latest VAN; possible postgreSQL error?

    Posted Apr 16, 2015 02:33 PM

     

    Hi Brandon

     

    The certificate signing requirements for a large portion of browsers have recently changed, and because of this the original self-signed version for the SDN Controller conflicts with these browsers' minimum requirements. Here is the procedure for manually generating a new self-signed certificate.

     

    Bold Italic text is commands

    Bold is Important notes

    I have indented sample output

     

    The following needs to be done as root, hence I am assuming the account you are using does have sudo permissions for root.

    sudo service sdnc stop

     

    Then the following needs to be done as the user which the SDN controller runs as (the user is sdn by default), since the truststore and keystore must be readable by that user.

     

    Hint: to become the user sdn, use the following: “sudo su - sdn”.

     

    cd /opt/sdn/admin

    ls -l *store*

     

    sdn@ubuntu:~/admin$ ls -l *store*

    -rw-r----- 1 sdn sdn 1319 Mar 20 14:53 keystore

    -rw-r----- 1 sdn sdn  913 Mar 20 14:53 truststore

     

    Note the permissions and ownership of the files

     

    Here we generate a self-signed certificate with a validity period of 1780 days, after moving the old keystore and truststore away.

     

    Note you need to use the password “skyline” below unless you have changed it. I have added it in for clarity in the commands below but it will not show when it is typed.

     

    Leave the password for the key the same as the keystore password.

     

    mv keystore keystore.orig

    mv truststore truststore.orig

    keytool -genkey -alias serverKey -keyalg rsa -keysize 2048 -keystore keystore -validity 1780

     

     

    sdn@ubuntu:~/admin$ keytool -genkey -alias serverKey -keyalg rsa -keysize 2048 -keystore keystore

    Enter keystore password: skyline

    Re-enter new password: skyline

    What is your first and last name?

      [Unknown]:  192.168.181.135

    What is the name of your organizational unit?

      [Unknown]:  SDNCOE

    What is the name of your organization?

      [Unknown]:  HP

    What is the name of your City or Locality?

      [Unknown]:  Amstelveen

    What is the name of your State or Province?

      [Unknown]:  Noord-Holland

    What is the two-letter country code for this unit?

      [Unknown]:  NL

    Is CN=192.168.181.135, OU=SDNCOE, O=HP, L=Amstelveen, ST=Noord-Holland, C=NL correct?

      [no]:  y

     

    Enter key password for <serverKey>

            (RETURN if same as keystore password): Just press enter here

    sdn@ubuntu:~/admin$

     

    keytool -exportcert -keystore keystore -alias serverKey -file serverkey.cer

     

    sdn@ubuntu:~/admin$ keytool -exportcert -keystore keystore -alias serverKey -file serverkey.cer

    Enter keystore password:

    Certificate stored in file <serverkey.cer>

    sdn@ubuntu:~/admin$

     

    ls -ltr

     

    sdn@ubuntu:~/admin$ ls -ltr

    total 15728

    -rwxr-x--- 1 sdn sdn      462 Jan 29 12:46 uninstall-dpkg

    -rwxr-x--- 1 sdn sdn      486 Jan 29 12:46 startup.sh

    -rwxr-x--- 1 sdn sdn     1453 Jan 29 12:46 sdnpass

    <SNIP>

    -rw-rw-r-- 1 sdn sdn     2257 Apr  9 01:51 keystore

    -rw-rw-r-- 1 sdn sdn     1088 Apr  9 01:52 sdn-server.csr

    -rw-rw-r-- 1 sdn sdn      903 Apr  9 02:06 serverkey.cer

     

     Note you need to use the password “skyline” below unless you have changed it. I have added it in for clarity in the commands below but it will not show when it is typed.

     

    keytool -importcert -trustcacerts -keystore truststore -file serverkey.cer -alias CARoot

     

    sdn@ubuntu:~/admin$ keytool -importcert -trustcacerts -keystore truststore -file serverkey.cer -alias CARoot

    Enter keystore password: skyline

    Re-enter new password: skyline

    Owner: CN=192.168.181.135, OU=SDNCOE, O=HP, L=Amstelveen, ST=Noord-Holland, C=NL

    Issuer: CN=192.168.181.135, OU=SDNCOE, O=HP, L=Amstelveen, ST=Noord-Holland, C=NL

    Serial number: 54a39e23

    Valid from: Thu Apr 09 01:51:25 PDT 2015 until: Wed Jul 08 01:51:25 PDT 2015

    Certificate fingerprints:

             MD5:  44:02:D6:58:C5:2A:2D:B5:F3:64:9B:40:6D:9B:1D:10

             SHA1: C7:59:89:31:9D:79:C9:D5:3A:22:D7:36:C7:43:2D:1B:88:5B:54:5E

             SHA256: E9:5D:1E:06:02:25:17:3F:C4:D9:97:C4:28:27:E6:87:2F:BC:B4:C9:E1:47:17:57:FF:33:1B:23:86:41:A5:B0

             Signature algorithm name: SHA256withRSA

             Version: 3

     

    Extensions:

     

    #1: ObjectId: 2.5.29.14 Criticality=false

    SubjectKeyIdentifier [

    KeyIdentifier [

    0000: 82 FD 72 7D 83 60 88 C0   DA 67 7D 6A 03 12 11 B7  ..r..`...g.j....

    0010: 27 C7 EC D9                                        '...

    ]

    ]

     

    Trust this certificate? [no]:  yes

    Certificate was added to keystore

    sdn@ubuntu:~/admin$

     

    As the user root; hence, you might need to type “logout” here to switch to the account you usually log in with, which has sudo capabilities.

    sudo service sdnc start

     

     

    Kind Regards

    Gerhard Roets

    HP SDN COE Team
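
A check for the certificate that the procedure in the post above produces, as an added example that is not part of the original post or of HP's tooling: it parses the certificate details keytool prints and reports the signature digest, whether the certificate is self-signed, and whether the validity period matches what was requested. The names `audit`, `expected_days` and `WEAK_DIGESTS` are assumptions made for this example, and the sample input is constructed from the output quoted in the post.

```python
import re
from datetime import datetime

# Constructed sample: certificate lines copied from the keytool output quoted above.
SAMPLE = """\
Owner: CN=192.168.181.135, OU=SDNCOE, O=HP, L=Amstelveen, ST=Noord-Holland, C=NL
Issuer: CN=192.168.181.135, OU=SDNCOE, O=HP, L=Amstelveen, ST=Noord-Holland, C=NL
Valid from: Thu Apr 09 01:51:25 PDT 2015 until: Wed Jul 08 01:51:25 PDT 2015
         Signature algorithm name: SHA256withRSA
"""

WEAK_DIGESTS = ("MD2", "MD5", "SHA1")  # digests deprecated for certificate signatures


def _parse_date(text):
    # keytool prints "Thu Apr 09 01:51:25 PDT 2015"; skip the weekday and the
    # zone abbreviation, which strptime does not parse portably.
    p = text.split()
    return datetime.strptime(" ".join(p[1:4] + p[5:6]), "%b %d %H:%M:%S %Y")


def audit(keytool_text, expected_days=None, now=None):
    """Return (facts, findings) for one certificate printed by keytool."""
    def field(name):
        m = re.search(r"^\s*" + re.escape(name) + r":\s*(.+?)\s*$", keytool_text, re.M)
        if m is None:
            raise ValueError("missing field: " + name)
        return m.group(1)

    start, end = (_parse_date(s) for s in field("Valid from").split(" until: "))
    sigalg = field("Signature algorithm name")
    facts = {
        "self_signed": field("Owner") == field("Issuer"),
        "sigalg": sigalg,
        "days": (end - start).days,
    }
    findings = []
    if sigalg.upper().startswith(WEAK_DIGESTS):
        findings.append("weak signature digest: " + sigalg)
    if expected_days is not None and facts["days"] != expected_days:
        findings.append("validity is %d days, expected %d" % (facts["days"], expected_days))
    if now is not None and not start <= now <= end:
        findings.append("certificate is outside its validity window")
    return facts, findings


if __name__ == "__main__":
    print(audit(SAMPLE, expected_days=1780, now=datetime(2015, 4, 16)))
```

On the sample output the check reports a 90-day validity rather than 1780: the transcribed `keytool -genkey` run omits `-validity 1780`, so keytool applied its 90-day default.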


    #ERR_SSL_VERSION_OR_CIPHER_MISMATCH
    #selfsigned
    #certificate
    #ssl_error_no_cypher_overlap