Message ID | 20190916221113.19712-1-amginwal@gmail.com |
---|---|
State | Accepted |
Series | [ovs-dev,v1,ovn] ovn-ctl: Support passing ssl certs for northd |
On Mon, Sep 16, 2019 at 3:12 PM <amginwal@gmail.com> wrote: > > From: Aliasgar Ginwala <aginwala@ebay.com> > > When using ssl mode for ovn nb/sb active-standby/cluster db service models, > northd can use ssl mode too. > e.g. one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and > --ovn-northd-ssl-cert to start northd with ssl > > Signed-off-by: Aliasgar Ginwala <aginwala@ebay.com> > --- > utilities/ovn-ctl | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl > index 4242cd2c8..433ee4f50 100755 > --- a/utilities/ovn-ctl > +++ b/utilities/ovn-ctl > @@ -344,6 +344,15 @@ start_northd () { > if test X"$OVN_NORTHD_LOGFILE" != X; then > set "$@" --log-file=$OVN_NORTHD_LOGFILE > fi > + if test X"$OVN_NORTHD_SSL_KEY" != X; then > + set "$@" --private-key=$OVN_NORTHD_SSL_KEY > + fi > + if test X"$OVN_NORTHD_SSL_CERT" != X; then > + set "$@" --certificate=$OVN_NORTHD_SSL_CERT > + fi > + if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then > + set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT > + fi > > [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" > > @@ -513,6 +522,10 @@ set_defaults () { > OVN_CONTROLLER_SSL_CA_CERT="" > OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT="" > > + OVN_NORTHD_SSL_KEY="" > + OVN_NORTHD_SSL_CERT="" > + OVN_NORTHD_SSL_CA_CERT="" > + > DB_SB_CREATE_INSECURE_REMOTE="no" > DB_NB_CREATE_INSECURE_REMOTE="no" 
> > @@ -617,6 +630,9 @@ Options: > --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file > --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file > --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file > + --ovn-northd-ssl-key=KEY OVN Northd SSL private key file > + --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file > + --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file > --ovn-manage-ovsdb=yes|no Whether or not the OVN databases should be > automatically started and stopped along > with ovn-northd. The default is "yes". If > -- > 2.20.1 (Apple Git-117) > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev Thanks Ali. Acked-by: Han Zhou <hzhou8@ebay.com>
Thanks, I pushed this to master. On 9/17/19 7:43 PM, Han Zhou wrote: > On Mon, Sep 16, 2019 at 3:12 PM <amginwal@gmail.com> wrote: >> >> From: Aliasgar Ginwala <aginwala@ebay.com> >> >> When using ssl mode for ovn nb/sb active-standby/cluster db service > models, >> northd can use ssl mode too. >> e.g. one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and >> --ovn-northd-ssl-cert to start northd with ssl >> >> Signed-off-by: Aliasgar Ginwala <aginwala@ebay.com> >> --- >> utilities/ovn-ctl | 16 ++++++++++++++++ >> 1 file changed, 16 insertions(+) >> >> diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl >> index 4242cd2c8..433ee4f50 100755 >> --- a/utilities/ovn-ctl >> +++ b/utilities/ovn-ctl >> @@ -344,6 +344,15 @@ start_northd () { >> if test X"$OVN_NORTHD_LOGFILE" != X; then >> set "$@" --log-file=$OVN_NORTHD_LOGFILE >> fi >> + if test X"$OVN_NORTHD_SSL_KEY" != X; then >> + set "$@" --private-key=$OVN_NORTHD_SSL_KEY >> + fi >> + if test X"$OVN_NORTHD_SSL_CERT" != X; then >> + set "$@" --certificate=$OVN_NORTHD_SSL_CERT >> + fi >> + if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then >> + set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT >> + fi >> >> [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" >> >> @@ -513,6 +522,10 @@ set_defaults () { >> OVN_CONTROLLER_SSL_CA_CERT="" >> OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT="" >> >> + OVN_NORTHD_SSL_KEY="" >> + OVN_NORTHD_SSL_CERT="" >> + OVN_NORTHD_SSL_CA_CERT="" >> + >> DB_SB_CREATE_INSECURE_REMOTE="no" >> DB_NB_CREATE_INSECURE_REMOTE="no" 
>> >> @@ -617,6 +630,9 @@ Options: >> --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file >> --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file >> --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file >> + --ovn-northd-ssl-key=KEY OVN Northd SSL private key file >> + --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file >> + --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file >> --ovn-manage-ovsdb=yes|no Whether or not the OVN databases > should be >> automatically started and stopped > along >> with ovn-northd. The default is > "yes". If >> -- >> 2.20.1 (Apple Git-117) >> >> _______________________________________________ >> dev mailing list >> dev@openvswitch.org >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > Thanks Ali. > Acked-by: Han Zhou <hzhou8@ebay.com> > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl index 4242cd2c8..433ee4f50 100755 --- a/utilities/ovn-ctl +++ b/utilities/ovn-ctl @@ -344,6 +344,15 @@ start_northd () { if test X"$OVN_NORTHD_LOGFILE" != X; then set "$@" --log-file=$OVN_NORTHD_LOGFILE fi + if test X"$OVN_NORTHD_SSL_KEY" != X; then + set "$@" --private-key=$OVN_NORTHD_SSL_KEY + fi + if test X"$OVN_NORTHD_SSL_CERT" != X; then + set "$@" --certificate=$OVN_NORTHD_SSL_CERT + fi + if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then + set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT + fi [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER" @@ -513,6 +522,10 @@ set_defaults () { OVN_CONTROLLER_SSL_CA_CERT="" OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT="" + OVN_NORTHD_SSL_KEY="" + OVN_NORTHD_SSL_CERT="" + OVN_NORTHD_SSL_CA_CERT="" + DB_SB_CREATE_INSECURE_REMOTE="no" DB_NB_CREATE_INSECURE_REMOTE="no" @@ -617,6 +630,9 @@ Options: --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file + --ovn-northd-ssl-key=KEY OVN Northd SSL private key file + --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file + --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file --ovn-manage-ovsdb=yes|no Whether or not the OVN databases should be automatically started and stopped along with ovn-northd. The default is "yes". If
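Review bot: In the start_northd hunk, the three added set "$@" lines expand $OVN_NORTHD_SSL_KEY, $OVN_NORTHD_SSL_CERT and $OVN_NORTHD_SSL_CA_CERT unquoted, so a path containing whitespace or glob characters is split or expanded into extra ovn-northd arguments. They follow the --log-file line above them, but the --user "$OVN_USER" line just below shows the quoted form; suggest --private-key="$OVN_NORTHD_SSL_KEY" and the same for the other two. The three tests are also independent, so setting only one or two of the options hands ovn-northd a partial SSL configuration; consider checking that key, certificate and CA certificate are given together and failing early with a clear message otherwise.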
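Review bot: In the set_defaults hunk, the new OVN_NORTHD_SSL_* block has no counterpart to OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT, which sits in the context directly above it, and nothing says whether that is deliberate. If northd is meant to require a pre-provisioned CA certificate with no bootstrap mode, a one-line comment above OVN_NORTHD_SSL_KEY="" or a sentence in the commit message would record that. It would also help to note there that the empty defaults leave northd starting without any SSL options, as before.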
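Review bot: In the Options hunk, the three added help lines call the daemon "OVN Northd" while the --ovn-manage-ovsdb text in the same hunk's context calls it ovn-northd; suggest using the daemon name, e.g. "ovn-northd SSL private key file". The help text also does not say that the three options belong together or which connections they secure; one short line after --ovn-northd-ssl-ca-cert stating that would cover it. The diffstat shows only utilities/ovn-ctl changed, so any separate documentation for ovn-ctl options does not mention the new flags yet.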