Message ID | 20170110024443.7660-1-songy@dtdream.com |
---|---|
State | Changes Requested |
Headers | show |
> From: "e" <songy@dtdream.com> > To: ovs-dev@openvswitch.org > Cc: "e" <songy@dtdream.com> > Sent: Monday, January 9, 2017 9:44:43 PM > Subject: [ovs-dev] [PATCH] ovn-ctl: Modify SYNC FROM connection default protocol to SSL > > This patch is used for the OVSDB HA by pacemaker. > which the master and slave nodes connection use SSL by default > Could you expand on the motivation for changing the default from TCP to SSL? Is it expected that SSL will be more commonly used than TCP? (I would have guessed plain TCP to be more common.) > Signed-off-by: e <songy@dtdream.com> > --- > ovn/utilities/ovn-ctl | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl > index 90d0463..214bbc5 100755 > --- a/ovn/utilities/ovn-ctl > +++ b/ovn/utilities/ovn-ctl > @@ -297,7 +297,7 @@ set_defaults () { > DB_NB_FILE=$dbdir/ovnnb_db.db > DB_NB_ADDR=0.0.0.0 > DB_NB_PORT=6641 > - DB_NB_SYNC_FROM_PROTO=tcp > + DB_NB_SYNC_FROM_PROTO=ssl > DB_NB_SYNC_FROM_ADDR= > DB_NB_SYNC_FROM_PORT=6641 > > @@ -306,7 +306,7 @@ set_defaults () { > DB_SB_FILE=$dbdir/ovnsb_db.db > DB_SB_ADDR=0.0.0.0 > DB_SB_PORT=6642 > - DB_SB_SYNC_FROM_PROTO=tcp > + DB_SB_SYNC_FROM_PROTO=ssl > DB_SB_SYNC_FROM_ADDR= > DB_SB_SYNC_FROM_PORT=6642 > > @@ -409,12 +409,12 @@ File location options: > --db-sb-port=PORT OVN Southbound db ptcp port (default: $DB_SB_PORT) > --ovn-nb-logfile=FILE OVN Northbound log file (default: $OVN_NB_LOGFILE) > --ovn-sb-logfile=FILE OVN Southbound log file (default: $OVN_SB_LOGFILE) > - --db-nb-sync-from-addr=ADDR OVN Northbound active db tcp address (default: > $DB_NB_SYNC_FROM_ADDR) > - --db-nb-sync-from-port=PORT OVN Northbound active db tcp port (default: > $DB_NB_SYNC_FROM_PORT) > + --db-nb-sync-from-addr=ADDR OVN Northbound active db ssl address (default: > $DB_NB_SYNC_FROM_ADDR) It would be better to change this to "IP address" since that is what it is. Same applies for DB_NB_SYNC_FROM_ADDR. > + --db-nb-sync-from-port=PORT OVN Northbound active db ssl port (default: It would be more correct to keep "tcp port", this parameter is actually a TCP port number regardless of whether plain TCP or SSL is being used. Same applies for DB_SB_SYNC_FROM_PROTO. > $DB_NB_SYNC_FROM_PORT) > --db-nb-sync-from-proto=PROTO OVN Northbound active db transport (default: > $DB_NB_SYNC_FROM_PROTO) > --db-nb-create-insecure-remote=yes|no Create ptcp OVN Northbound remote > (default: $DB_NB_CREATE_INSECURE_REMOTE) > - --db-sb-sync-from-addr=ADDR OVN Southbound active db tcp address (default: > $DB_SB_SYNC_FROM_ADDR) > - --db-sb-sync-from-port=ADDR OVN Southbound active db tcp port (default: > $DB_SB_SYNC_FROM_PORT) > + --db-sb-sync-from-addr=ADDR OVN Southbound active db ssl address (default: > $DB_SB_SYNC_FROM_ADDR) > + --db-sb-sync-from-port=ADDR OVN Southbound active db ssl port (default: > $DB_SB_SYNC_FROM_PORT) > --db-sb-sync-from-proto=PROTO OVN Southbound active db transport (default: > $DB_SB_SYNC_FROM_PROTO) > --db-sb-create-insecure-remote=yes|no Create ptcp OVN Southbound remote > (default: $DB_SB_CREATE_INSECURE_REMOTE) > > -- > 2.9.0.windows.1 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl index 90d0463..214bbc5 100755 --- a/ovn/utilities/ovn-ctl +++ b/ovn/utilities/ovn-ctl @@ -297,7 +297,7 @@ set_defaults () { DB_NB_FILE=$dbdir/ovnnb_db.db DB_NB_ADDR=0.0.0.0 DB_NB_PORT=6641 - DB_NB_SYNC_FROM_PROTO=tcp + DB_NB_SYNC_FROM_PROTO=ssl DB_NB_SYNC_FROM_ADDR= DB_NB_SYNC_FROM_PORT=6641 @@ -306,7 +306,7 @@ set_defaults () { DB_SB_FILE=$dbdir/ovnsb_db.db DB_SB_ADDR=0.0.0.0 DB_SB_PORT=6642 - DB_SB_SYNC_FROM_PROTO=tcp + DB_SB_SYNC_FROM_PROTO=ssl DB_SB_SYNC_FROM_ADDR= DB_SB_SYNC_FROM_PORT=6642 @@ -409,12 +409,12 @@ File location options: --db-sb-port=PORT OVN Southbound db ptcp port (default: $DB_SB_PORT) --ovn-nb-logfile=FILE OVN Northbound log file (default: $OVN_NB_LOGFILE) --ovn-sb-logfile=FILE OVN Southbound log file (default: $OVN_SB_LOGFILE) - --db-nb-sync-from-addr=ADDR OVN Northbound active db tcp address (default: $DB_NB_SYNC_FROM_ADDR) - --db-nb-sync-from-port=PORT OVN Northbound active db tcp port (default: $DB_NB_SYNC_FROM_PORT) + --db-nb-sync-from-addr=ADDR OVN Northbound active db ssl address (default: $DB_NB_SYNC_FROM_ADDR) + --db-nb-sync-from-port=PORT OVN Northbound active db ssl port (default: $DB_NB_SYNC_FROM_PORT) --db-nb-sync-from-proto=PROTO OVN Northbound active db transport (default: $DB_NB_SYNC_FROM_PROTO) --db-nb-create-insecure-remote=yes|no Create ptcp OVN Northbound remote (default: $DB_NB_CREATE_INSECURE_REMOTE) - --db-sb-sync-from-addr=ADDR OVN Southbound active db tcp address (default: $DB_SB_SYNC_FROM_ADDR) - --db-sb-sync-from-port=ADDR OVN Southbound active db tcp port (default: $DB_SB_SYNC_FROM_PORT) + --db-sb-sync-from-addr=ADDR OVN Southbound active db ssl address (default: $DB_SB_SYNC_FROM_ADDR) + --db-sb-sync-from-port=ADDR OVN Southbound active db ssl port (default: $DB_SB_SYNC_FROM_PORT) --db-sb-sync-from-proto=PROTO OVN Southbound active db transport (default: $DB_SB_SYNC_FROM_PROTO) --db-sb-create-insecure-remote=yes|no Create ptcp OVN Southbound remote (default: $DB_SB_CREATE_INSECURE_REMOTE)
This patch is used for the OVSDB HA by pacemaker. which the master and slave nodes connection use SSL by default Signed-off-by: e <songy@dtdream.com> --- ovn/utilities/ovn-ctl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)