This lets the central controller push its certificate to the OVN controllers.
Signed-off-by: Gurucharan Shetty <gshe...@nicira.com> --- ovn/controller-vtep/ovn-controller-vtep.8.xml | 5 +++-- ovn/controller-vtep/ovn-controller-vtep.c | 6 ++++++ ovn/controller/ovn-controller.8.xml | 5 +++-- ovn/controller/ovn-controller.c | 6 ++++++ 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/ovn/controller-vtep/ovn-controller-vtep.8.xml b/ovn/controller-vtep/ovn-controller-vtep.8.xml index c924f9f..7540b58 100644 --- a/ovn/controller-vtep/ovn-controller-vtep.8.xml +++ b/ovn/controller-vtep/ovn-controller-vtep.8.xml @@ -38,8 +38,9 @@ name) in IPv4 or IPv6 address format. If <var>ip</var> is an IPv6 address, then wrap <var>ip</var> with square brackets, e.g.: <code>ssl:[::1]:6640</code>. The <code>--private-key</code>, - <code>--certificate</code>, and <code>--ca-cert</code> options are - mandatory when this form is used. + <code>--certificate</code> and either of <code>--ca-cert</code> + or <code>--bootstrap-ca-cert</code> options are mandatory when this + form is used. </p> </li> <li> diff --git a/ovn/controller-vtep/ovn-controller-vtep.c b/ovn/controller-vtep/ovn-controller-vtep.c index 7e98f69..b54b29d 100644 --- a/ovn/controller-vtep/ovn-controller-vtep.c +++ b/ovn/controller-vtep/ovn-controller-vtep.c @@ -163,6 +163,7 @@ parse_options(int argc, char *argv[]) { enum { OPT_PEER_CA_CERT = UCHAR_MAX + 1, + OPT_BOOTSTRAP_CA_CERT, VLOG_OPTION_ENUMS, DAEMON_OPTION_ENUMS }; @@ -176,6 +177,7 @@ parse_options(int argc, char *argv[]) DAEMON_LONG_OPTIONS, STREAM_SSL_LONG_OPTIONS, {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT}, + {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT}, {NULL, 0, NULL, 0} }; char *short_options = ovs_cmdl_long_options_to_short_options(long_options); @@ -212,6 +214,10 @@ parse_options(int argc, char *argv[]) stream_ssl_set_peer_ca_cert_file(optarg); break; + case OPT_BOOTSTRAP_CA_CERT: + stream_ssl_set_ca_cert_file(optarg, true); + break; + case '?': exit(EXIT_FAILURE); 
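Review bot: The new `case OPT_BOOTSTRAP_CA_CERT:` in parse_options() passes `true` as the bootstrap argument of `stream_ssl_set_ca_cert_file()` without any comment on what that means for trust; the identical case added in ovn/controller/ovn-controller.c has the same gap. With bootstrap enabled, a CA file that does not yet exist is obtained from the peer on the first SSL connection, so that connection is not verified against a pre-provisioned CA and the saved file is only as trustworthy as the network path at that moment. I would add a comment above the call such as `/* Bootstrap: if the file is absent, the CA cert is taken from the peer on first connect (trust on first use). */`. The man-page text in this patch lists `--bootstrap-ca-cert` as an alternative to `--ca-cert` and should state the same caveat. parse_options() starts and ends outside the hunk.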
diff --git a/ovn/controller/ovn-controller.8.xml b/ovn/controller/ovn-controller.8.xml index e1cb6a2..19bb5b7 100644 --- a/ovn/controller/ovn-controller.8.xml +++ b/ovn/controller/ovn-controller.8.xml @@ -39,8 +39,9 @@ name) in IPv4 or IPv6 address format. If <var>ip</var> is an IPv6 address, then wrap <var>ip</var> with square brackets, e.g.: <code>ssl:[::1]:6640</code>. The <code>--private-key</code>, - <code>--certificate</code>, and <code>--ca-cert</code> options are - mandatory when this form is used. + <code>--certificate</code> and either of <code>--ca-cert</code> + or <code>--bootstrap-ca-cert</code> options are mandatory when this + form is used. </p> </li> <li> diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c index 34d7660..bcaadcd 100644 --- a/ovn/controller/ovn-controller.c +++ b/ovn/controller/ovn-controller.c @@ -260,6 +260,7 @@ parse_options(int argc, char *argv[]) { enum { OPT_PEER_CA_CERT = UCHAR_MAX + 1, + OPT_BOOTSTRAP_CA_CERT, VLOG_OPTION_ENUMS, DAEMON_OPTION_ENUMS }; @@ -271,6 +272,7 @@ parse_options(int argc, char *argv[]) DAEMON_LONG_OPTIONS, STREAM_SSL_LONG_OPTIONS, {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT}, + {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT}, {NULL, 0, NULL, 0} }; char *short_options = ovs_cmdl_long_options_to_short_options(long_options); @@ -299,6 +301,10 @@ parse_options(int argc, char *argv[]) stream_ssl_set_peer_ca_cert_file(optarg); break; + case OPT_BOOTSTRAP_CA_CERT: + stream_ssl_set_ca_cert_file(optarg, true); + break; + case '?': exit(EXIT_FAILURE); -- 1.7.9.5 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
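Review bot: The `--help` output appears to be left unchanged in both ovn-controller.c and ovn-controller-vtep.c, because the six insertions the diffstat reports for each file are all accounted for by the enum, `long_options` and switch hunks in parse_options(). usage() is outside the visible hunks, so this is inferred. If it prints the stream options through `stream_usage()` with the bootstrap argument set to false, that argument should become `true` so that `--bootstrap-ca-cert` is listed alongside `--ca-cert`. Otherwise the option is accepted on the command line but can only be discovered from the man page.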