Thanks, I pushed this to master.
On 9/17/19 7:43 PM, Han Zhou wrote:
On Mon, Sep 16, 2019 at 3:12 PM <amgin...@gmail.com> wrote:
From: Aliasgar Ginwala <aginw...@ebay.com>
When using ssl mode for ovn nb/sb active-standby/cluster db service
models,
northd can use ssl mode too.
e.g. one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and
--ovn-northd-ssl-cert to start northd with ssl
Signed-off-by: Aliasgar Ginwala <aginw...@ebay.com>
---
utilities/ovn-ctl | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
index 4242cd2c8..433ee4f50 100755
--- a/utilities/ovn-ctl
+++ b/utilities/ovn-ctl
@@ -344,6 +344,15 @@ start_northd () {
if test X"$OVN_NORTHD_LOGFILE" != X; then
set "$@" --log-file=$OVN_NORTHD_LOGFILE
fi
+ if test X"$OVN_NORTHD_SSL_KEY" != X; then
+ set "$@" --private-key=$OVN_NORTHD_SSL_KEY
+ fi
+ if test X"$OVN_NORTHD_SSL_CERT" != X; then
+ set "$@" --certificate=$OVN_NORTHD_SSL_CERT
+ fi
+ if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then
+ set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT
+ fi
[ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
@@ -513,6 +522,10 @@ set_defaults () {
OVN_CONTROLLER_SSL_CA_CERT=""
OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
+ OVN_NORTHD_SSL_KEY=""
+ OVN_NORTHD_SSL_CERT=""
+ OVN_NORTHD_SSL_CA_CERT=""
+
DB_SB_CREATE_INSECURE_REMOTE="no"
DB_NB_CREATE_INSECURE_REMOTE="no"
@@ -617,6 +630,9 @@ Options:
--ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file
--ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file
--ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file
+ --ovn-northd-ssl-key=KEY OVN Northd SSL private key file
+ --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file
+ --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file
--ovn-manage-ovsdb=yes|no Whether or not the OVN databases
should be
automatically started and stopped
along
with ovn-northd. The default is
"yes". If
--
2.20.1 (Apple Git-117)
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Thanks Ali.
Acked-by: Han Zhou <hzh...@ebay.com>
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev