schema: improve OpenFlow support

Signed-off-by: John Crispin <john@phrozen.org>

renderer/renderer.uc

@@ -13,6 +13,8 @@ let conn = ubus ? ubus.connect() : null;
 let capabfile = fs.open("/etc/ucentral/capabilities.json", "r");
 let capab = capabfile ? json(capabfile.read("all")) : null;
 
+let serial = cursor.get("ucentral", "config", "serial");
+
 assert(cursor, "Unable to instantiate uci");
 assert(conn, "Unable to connect to ubus");
 assert(capab, "Unable to load capabilities");
@@ -661,6 +663,7 @@ return {
 			files,
 			shell,
 			routing_table,
+			serial,
 
 			warn: (fmt, ...args) => push(logs, sprintf("[W] (In %s) ", location || '/') + sprintf(fmt, ...args)),
 			info: (fmt, ...args) => push(logs, sprintf("[!] (In %s) ", location || '/') + sprintf(fmt, ...args))

renderer/templates/services/open_flow.uc

@@ -9,8 +9,19 @@
 
 set openvswitch.ovs.disabled=0
 
+set openvswitch.ovs.disabled="0"
+set openvswitch.ovs.ca={{ s(files.add_anonymous(location, 'ca', b64dec(open_flow.ca_certificate))) }}
+set openvswitch.ovs.cert={{ s(files.add_anonymous(location, 'cert', b64dec(open_flow.server_certificate))) }}
+set openvswitch.ovs.key={{ s(files.add_anonymous(location, 'key', b64dec(open_flow.private_key))) }}
+
 delete openvswitch.@ovs_bridge[0]
 add openvswitch ovs_bridge
-set openvswitch.@ovs_bridge[-1].controller="tcp:{{open_flow.controller }}"
+set openvswitch.@ovs_bridge[-1].controller="ssl:{{ open_flow.controller }}"
+set openvswitch.@ovs_bridge[-1].datapath_id="0x{{ serial }}"
 set openvswitch.@ovs_bridge[-1].name="br-ovs"
-add_list openvswitch.@ovs_bridge[-1].ports="gw0:internal"
+
+add openvswitch ovs_port
+set openvswitch.@ovs_port[-1].bridge="br-ovs"
+set openvswitch.@ovs_port[-1].port="gw0"
+set openvswitch.@ovs_port[-1].ofport="1"
+set openvswitch.@ovs_port[-1].type="internal"

schema/service.open-flow.yml

@@ -8,3 +8,15 @@ properties:
     type: string
     uc-format: cidr
     example: 192.168.10.1
+  ca-certificate:
+    description:
+       The local servers CA bundle.
+    type: string
+  server-certificate:
+    description:
+       The local servers certificate.
+    type: string
+  private-key:
+    description:
+      The local servers private key/
+    type: string

schemareader.uc

@@ -4339,6 +4339,39 @@ function instantiateServiceOpenFlow(location, value, errors) {
 			obj.controller = parseController(location + "/controller", value["controller"], errors);
 		}
 
+		function parseCaCertificate(location, value, errors) {
+			if (type(value) != "string")
+				push(errors, [ location, "must be of type string" ]);
+
+			return value;
+		}
+
+		if (exists(value, "ca-certificate")) {
+			obj.ca_certificate = parseCaCertificate(location + "/ca-certificate", value["ca-certificate"], errors);
+		}
+
+		function parseServerCertificate(location, value, errors) {
+			if (type(value) != "string")
+				push(errors, [ location, "must be of type string" ]);
+
+			return value;
+		}
+
+		if (exists(value, "server-certificate")) {
+			obj.server_certificate = parseServerCertificate(location + "/server-certificate", value["server-certificate"], errors);
+		}
+
+		function parsePrivateKey(location, value, errors) {
+			if (type(value) != "string")
+				push(errors, [ location, "must be of type string" ]);
+
+			return value;
+		}
+
+		if (exists(value, "private-key")) {
+			obj.private_key = parsePrivateKey(location + "/private-key", value["private-key"], errors);
+		}
+
 		return obj;
 	}
 

ucentral.schema.json

@@ -1644,6 +1644,15 @@
                     "type": "string",
                     "uc-format": "cidr",
                     "example": "192.168.10.1"
+                },
+                "ca-certificate": {
+                    "type": "string"
+                },
+                "server-certificate": {
+                    "type": "string"
+                },
+                "private-key": {
+                    "type": "string"
                 }
             }
         },