Re: [ovs-dev] [PATCH v1 ovn] ovn-ctl: Support passing ssl certs for northd

Wed, 18 Sep 2019 05:40:33 -0700 

Thanks, I pushed this to master.

On 9/17/19 7:43 PM, Han Zhou wrote:

On Mon, Sep 16, 2019 at 3:12 PM <amgin...@gmail.com> wrote:


From: Aliasgar Ginwala <aginw...@ebay.com>

When using ssl mode for ovn nb/sb active-standby/cluster db service

models,

northd can use ssl mode too.
e.g. one can pass  --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and
--ovn-northd-ssl-cert to start northd with ssl

Signed-off-by: Aliasgar Ginwala <aginw...@ebay.com>
---
  utilities/ovn-ctl | 16 ++++++++++++++++
  1 file changed, 16 insertions(+)

diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
index 4242cd2c8..433ee4f50 100755
--- a/utilities/ovn-ctl
+++ b/utilities/ovn-ctl
@@ -344,6 +344,15 @@ start_northd () {
          if test X"$OVN_NORTHD_LOGFILE" != X; then
              set "$@" --log-file=$OVN_NORTHD_LOGFILE
          fi
+        if test X"$OVN_NORTHD_SSL_KEY" != X; then
+            set "$@" --private-key=$OVN_NORTHD_SSL_KEY
+        fi
+        if test X"$OVN_NORTHD_SSL_CERT" != X; then
+            set "$@" --certificate=$OVN_NORTHD_SSL_CERT
+        fi
+        if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then
+            set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT
+        fi

          [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"

@@ -513,6 +522,10 @@ set_defaults () {
      OVN_CONTROLLER_SSL_CA_CERT=""
      OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""

+    OVN_NORTHD_SSL_KEY=""
+    OVN_NORTHD_SSL_CERT=""
+    OVN_NORTHD_SSL_CA_CERT=""
+
      DB_SB_CREATE_INSECURE_REMOTE="no"
      DB_NB_CREATE_INSECURE_REMOTE="no"

@@ -617,6 +630,9 @@ Options:
    --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file
    --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file
    --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file
+  --ovn-northd-ssl-key=KEY OVN Northd SSL private key file
+  --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file
+  --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file
    --ovn-manage-ovsdb=yes|no        Whether or not the OVN databases

should be

                                     automatically started and stopped

along

                                     with ovn-northd. The default is

"yes". If

--
2.20.1 (Apple Git-117)

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev


Thanks Ali.
Acked-by: Han Zhou <hzh...@ebay.com>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev



_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev






















					Reply via email to