new1.py for 3 path and 2 host

该博客介绍了如何利用Mininet创建一个包含多个OVSKernelSwitch的OpenFlow网络,并设置远程控制器进行管理。网络中包含了多个主机和交换机,并配置了带宽和延迟的链路。同时,通过多线程模拟了链路故障和恢复的场景,展示了网络的动态调整能力。
#!/usr/bin/python
import sys
sys.path.append('/home/openlab/mininet/')
from mininet.net import Mininet
from mininet.node import Controller, RemoteController, OVSController
from mininet.node import CPULimitedHost, Host, Node
from mininet.node import OVSKernelSwitch, UserSwitch
from mininet.node import IVSSwitch
from mininet.cli import CLI
from mininet.log import setLogLevel, info
from mininet.link import TCLink, Intf
from subprocess import call
import threading
import time

def myNetwork():
    net = Mininet( topo=None,controller=None,ipBase='10.0.0.0/8')
    
    ## specify clearly to use a remote controller instead of the default one 
    c=RemoteController('c','0.0.0.0',6633)
    net.addController(c)

    info( '*** Add switches\n')
    s1 = net.addSwitch('s1', cls=OVSKernelSwitch,protocols=['OpenFlow13'])
    s2 = net.addSwitch('s2', cls=OVSKernelSwitch,protocols=['OpenFlow13'])
    s3 = net.addSwitch('s3', cls=OVSKernelSwitch,protocols=['OpenFlow13'])
    s4 = net.addSwitch('s4', cls=OVSKernelSwitch,protocols=['OpenFlow13'])
    s5 = net.addSwitch('s5', cls=OVSKernelSwitch,protocols=['OpenFlow13'])

    s6 = net.addSwitch('s6', cls=OVSKernelSwitch,protocols=['OpenFlow13'])
    s7 = net.addSwitch('s7', cls=OVSKernelSwitch,protocols=['OpenFlow13'])
    s8 = net.addSwitch('s8', cls=OVSKernelSwitch,protocols=['OpenFlow13'])
    s9 = net.addSwitch('s9', cls=OVSKernelSwitch,protocols=['OpenFlow13'])
 
    info( '*** Add hosts\n')
    h1 = net.addHost('h1', cls=Host, ip='10.0.0.1', defaultRoute=None,mac='00:00:00:00:00:01')
    h2 = net.addHost('h2', cls=Host, ip='10.0.0.2', defaultRoute=None,mac='00:00:00:00:00:02')

    
    info( '*** Add links\n')
    net.addLink(h1, s1)
    net.addLink(h2, s5)

    net.addLink(s1, s2,bw=10, delay='1ms')
    net.addLink(s1, s4,bw=10, delay='1ms')
    #net.addLink(s2, s3,bw=10, delay='1ms')
    #net.addLink(s4, s5,bw=10, delay='1ms')
    net.addLink(s3, s5,bw=10, delay='1ms')

    net.addLink(s1, s6,bw=10, delay='1ms')
    net.addLink(s6, s7,bw=10, delay='1ms')
    net.addLink(s7, s8,bw=10, delay='1ms')
    net.addLink(s8, s9,bw=10, delay='1ms')
    net.addLink(s5, s9,bw=10, delay='1ms')


    ## start switch
    for i in range(1,10):
        net.get("s{}".format(i)).start([])

    info( '*** Starting network\n')
    net.start()

    #into the interactive mode
    def thread1():
        CLI(net)
        net.stop()

    t1 = threading.Thread(target = thread1)
    t1.start()
    def thread2():#kill s1 s4;s2 s3
        time.sleep(15)
        j=0
        k=3
        net.configLinkStatus('s' + str(int(j+1)),'s' + str(int(k+1)),'down')
        net.configLinkStatus('s' + str(int(2)),'s' + str(int(2+1)),'down')        

    t2 = threading.Thread(target = thread2)
    t2.start()

    def thread3():#up s1 s4;s2 s3
        time.sleep(30)
        j=0
        k=3
        net.configLinkStatus('s' + str(int(j+1)),'s' + str(int(k+1)),'up')
        net.configLinkStatus('s' + str(int(2)),'s' + str(int(2+1)),'up')
        #add()    

    t3 = threading.Thread(target = thread3)
    t3.start()

if __name__ == '__main__':
    setLogLevel( 'info' )
    myNetwork()

解释MCP Inspector启动失败的原因: (RAGDB) PS D:\projectWork\AI\MCPTool\RAGDB> uv run mcp dev ./src/RAGdb/__main__.py [09/21/25 18:14:16] INFO Anonymized telemetry enabled. See https://docs.trychroma.com/telemetry for more information. posthog.py:22 DEBUG Starting component System config.py:359 DEBUG Starting component Posthog config.py:359 DEBUG Initializing server 'vectorMemoryDB' server.py:153 DEBUG Registering handler for ListToolsRequest server.py:385 DEBUG Registering handler for CallToolRequest server.py:446 DEBUG Registering handler for ListResourcesRequest server.py:262 DEBUG Registering handler for ReadResourceRequest server.py:290 DEBUG Registering handler for PromptListRequest server.py:234 DEBUG Registering handler for GetPromptRequest server.py:249 DEBUG Registering handler for ListResourceTemplatesRequest server.py:275 DEBUG Starting new HTTPS connection (1): us.i.posthog.com:443 connectionpool.py:1049 Need to install the following packages: @modelcontextprotocol/inspector@0.16.8 Ok to proceed? (y) [09/21/25 18:14:17] DEBUG Incremented Retry for (url='/batch/'): Retry(total=1, connect=2, read=2, redirect=None, status=None) retry.py:521 WARNING Retrying (Retry(total=1, connect=2, read=2, redirect=None, status=None)) after connection broken by 'SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)')': connectionpool.py:868 /batch/ DEBUG Starting new HTTPS connection (2): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:18] DEBUG Incremented Retry for (url='/batch/'): Retry(total=0, connect=2, read=2, redirect=None, status=None) retry.py:521 WARNING Retrying (Retry(total=0, connect=2, read=2, redirect=None, status=None)) after connection broken by 'SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)')': connectionpool.py:868 /batch/ DEBUG Starting new HTTPS connection (3): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:19] INFO Backing off send_request(...) for 0.9s (requests.exceptions.SSLError: HTTPSConnectionPool(host='us.i.posthog.com', port=443): Max retries exceeded with url: /batch/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate _common.py:105 verify failed: self signed certificate in certificate chain (_ssl.c:1002)')))) [09/21/25 18:14:20] DEBUG Starting new HTTPS connection (4): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:21] DEBUG Incremented Retry for (url='/batch/'): Retry(total=1, connect=2, read=2, redirect=None, status=None) retry.py:521 WARNING Retrying (Retry(total=1, connect=2, read=2, redirect=None, status=None)) after connection broken by 'SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)')': connectionpool.py:868 /batch/ DEBUG Starting new HTTPS connection (5): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:22] DEBUG Incremented Retry for (url='/batch/'): Retry(total=0, connect=2, read=2, redirect=None, status=None) retry.py:521 WARNING Retrying (Retry(total=0, connect=2, read=2, redirect=None, status=None)) after connection broken by 'SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)')': connectionpool.py:868 /batch/ DEBUG Starting new HTTPS connection (6): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:23] INFO Backing off send_request(...) for 1.4s (requests.exceptions.SSLError: HTTPSConnectionPool(host='us.i.posthog.com', port=443): Max retries exceeded with url: /batch/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate _common.py:105 verify failed: self signed certificate in certificate chain (_ssl.c:1002)')))) [09/21/25 18:14:25] DEBUG Starting new HTTPS connection (7): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:26] DEBUG Incremented Retry for (url='/batch/'): Retry(total=1, connect=2, read=2, redirect=None, status=None) retry.py:521 WARNING Retrying (Retry(total=1, connect=2, read=2, redirect=None, status=None)) after connection broken by 'SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)')': connectionpool.py:868 /batch/ DEBUG Starting new HTTPS connection (8): us.i.posthog.com:443 connectionpool.py:1049 DEBUG Incremented Retry for (url='/batch/'): Retry(total=0, connect=2, read=2, redirect=None, status=None) retry.py:521 WARNING Retrying (Retry(total=0, connect=2, read=2, redirect=None, status=None)) after connection broken by 'SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)')': connectionpool.py:868 /batch/ DEBUG Starting new HTTPS connection (9): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:27] INFO Backing off send_request(...) for 2.6s (requests.exceptions.SSLError: HTTPSConnectionPool(host='us.i.posthog.com', port=443): Max retries exceeded with url: /batch/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate _common.py:105 verify failed: self signed certificate in certificate chain (_ssl.c:1002)')))) [09/21/25 18:14:30] DEBUG Starting new HTTPS connection (10): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:31] DEBUG Incremented Retry for (url='/batch/'): Retry(total=1, connect=2, read=2, redirect=None, status=None) retry.py:521 WARNING Retrying (Retry(total=1, connect=2, read=2, redirect=None, status=None)) after connection broken by 'SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)')': connectionpool.py:868 /batch/ DEBUG Starting new HTTPS connection (11): us.i.posthog.com:443 connectionpool.py:1049 [09/21/25 18:14:32] DEBUG Incremented Retry for (url='/batch/'): Retry(total=0, connect=2, read=2, redirect=None, status=None) retry.py:521 WARNING Retrying (Retry(total=0, connect=2, read=2, redirect=None, status=None)) after connection broken by 'SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1002)')': connectionpool.py:868 /batch/ DEBUG Starting new HTTPS connection (12): us.i.posthog.com:443 connectionpool.py:1049[09/21/25 18:14:33] ERROR Giving up send_request(...) after 4 tries (requests.exceptions.SSLError: HTTPSConnectionPool(host='us.i.posthog.com', port=443): Max retries exceeded with url: /batch/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate _common.py:120 verify failed: self signed certificate in certificate chain (_ssl.c:1002)'))))
09-22
<think> 我们面对的问题是MCP Inspector启动失败,错误信息指出在连接us.i.posthog.com时出现SSLCertVerificationError,原因是证书验证失败,具体来说是在证书链中发现了自签名证书。这通常意味着SSL/TLS握手过程中,客户端(这里是MCP Inspector)无法验证服务器(us.i.posthog.com)提供的证书链。 根据引用[3],我们注意到启动MCP Inspector的命令需要指定Elasticsearch的URL和API密钥。但是,错误发生在连接PostHog(一个分析服务)时,这说明MCP Inspector除了连接Elasticsearch外,还会连接PostHog服务。 原因分析: 1. **自签名证书问题**:错误信息明确提到“自签名证书在证书链中”。这意味着在验证us.i.posthog.com的证书时,遇到了一个自签名的中间证书或根证书,而该证书不被客户端信任。 - 正常情况下,服务器证书应由受信任的证书颁发机构(CA)签发,并且客户端的信任存储中应包含该CA的根证书。 - 出现自签名证书在证书链中,可能是因为: a) 服务器配置错误,使用了自签名证书或未正确配置证书链。 b) 客户端环境缺少必要的根证书或中间证书。 c) 存在中间人攻击(如公司防火墙拦截并重新签名),但这种情况通常会由公司IT部门告知。 2. **环境问题**:考虑运行MCP Inspector的环境可能缺少必要的根证书。例如,如果是在一个精简的Docker镜像或自定义环境中运行,可能没有安装完整的CA证书包。 3. **网络代理问题**:如果运行环境在企业网络内,可能有一个中间代理在解密HTTPS流量(即SSL拦截),这时代理会使用自签名的CA证书重新签名,而该自签名CA证书未被添加到客户端的信任存储中。 4. **PostHog服务端问题**:虽然PostHog作为公共服务,其证书通常由公认的CA签发,但也不能完全排除其服务端配置临时出现问题。 步骤解决: 1. **验证PostHog证书状态**: 我们可以通过浏览器访问 `https://us.i.posthog.com` 或使用OpenSSL命令检查其证书链: ``` openssl s_client -connect us.i.posthog.com:443 -showcerts ``` 观察证书链是否完整,以及是否由受信任的CA签发。 2. **检查本地信任存储**: 确保运行MCP Inspector的系统拥有最新的CA证书包。在Ubuntu/Debian系统中,可以安装`ca-certificates`包并更新: ```bash sudo apt update sudo apt install --reinstall ca-certificates sudo update-ca-certificates ``` 3. **检查是否受代理影响**: 如果运行环境在企业代理后,需要将代理使用的自签名CA证书添加到系统的信任存储中。通常,IT部门会提供这个证书。添加方法: - 将证书文件(如`proxy-ca.crt`)复制到`/usr/local/share/ca-certificates/` - 运行`sudo update-ca-certificates` 4. **临时禁用证书验证(不推荐,仅用于测试)**: 为了快速验证是否是证书问题,可以尝试临时禁用证书验证。但是,请注意这会降低安全性,只用于诊断。 在Node.js环境中,可以通过设置环境变量`NODE_TLS_REJECT_UNAUTHORIZED=0`来禁用证书验证: ```bash NODE_TLS_REJECT_UNAUTHORIZED=0 ES_URL=... ES_API_KEY=... npm run inspector ``` 如果这样能解决问题,那么确实是证书验证问题,应该通过正确安装缺失的CA证书来解决,而不是长期禁用验证。 5. **检查MCP Inspector的依赖**: 确保使用的`@modelcontextprotocol/inspector`版本没有问题,可能存在特定版本的bug。尝试升级到最新版本(引用[3]中版本是0.13.0,可能已有更新)。 根据引用[3]中给出的命令示例,我们注意到它指定了较旧版本(0.13.0),可能新版本已修复此问题。可以尝试不指定版本安装最新版: ```bash sudo npm install -g @modelcontextprotocol/inspector ``` 总结:证书验证失败通常是由于客户端无法验证服务器证书链的完整性。优先检查系统CA证书的完整性和代理设置。 §§相关问题§§ 1. 如何更新操作系统的CA证书存储? 2. 如何将自定义CA证书添加到Node.js环境的信任存储? 3. 如何诊断Node.js应用中的TLS/SSL连接问题? 4. MCP Inspector除了连接Elasticsearch还会连接哪些外部服务? 5. 如何安全地绕过证书验证进行测试(不推荐生产环境)? </think> ### MCP Inspector启动失败原因分析 根据错误信息`SSLCertVerificationError`(证书验证失败,自签名证书在证书链中),主要原因如下: 1. **SSL证书链不完整** MCP Inspector连接PostHog分析服务(us.i.posthog.com)时,服务器返回的证书链中包含自签名证书。这通常发生在: - 服务器配置错误,未提供完整的信任链证书 - 中间CA证书缺失或未正确安装 $$ \text{完整证书链} = \text{终端证书} + \text{中间证书} + \text{根证书} $$ 自签名证书无法通过标准CA机构的验证[^1]。 2. **本地信任存储问题** Node.js运行环境(MCP Inspector基于Node.js)无法验证证书链,因为: - 系统CA证书库未更新(如缺少ISRG Root X1等新型证书) - 企业防火墙/代理注入的自签名证书未添加到信任库 - Docker环境中基础镜像证书不完整 3. **网络中间人干扰** 企业网络常见的TLS解密代理会将原始证书替换为自签名证书,导致: ```mermaid graph LR A[MCP Inspector] -->|原始请求| B(企业防火墙) B -->|拦截并替换证书| C[PostHog服务器] C -->|返回自签名证书| B B -->|证书验证失败| A ``` 4. **PostHog服务端变更** 公共服务证书轮换可能导致旧版MCP Inspector(引用[3]中v0.13.0)不兼容新证书链,需检查版本兼容性[^3]。 ### 解决方案步骤 1. **更新CA证书存储** ```bash # Ubuntu/Debian sudo apt update && sudo apt install ca-certificates sudo update-ca-certificates --fresh ``` 2. **添加自签名证书到信任库**(仅限测试环境) ```bash export NODE_EXTRA_CA_CERTS=/path/to/custom_cert.pem npm run inspector ``` 3. **禁用证书验证**(临时测试) ```bash # 高风险!仅用于诊断 export NODE_TLS_REJECT_UNAUTHORIZED=0 ES_URL=... ES_API_KEY=... npm run inspector ``` 4. **升级MCP Inspector** ```bash sudo npm install -g @modelcontextprotocol/inspector@latest ``` > **注意**:若在企业网络环境,请联系IT部门获取代理CA证书。公有云环境需确保系统时间同步(NTP服务),证书验证依赖准确时间戳[^2]。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值