
[ovs-dev,v1,ovn] ovn-ctl: Support passing ssl certs for northd

Message ID 20190916221113.19712-1-amginwal@gmail.com
State Accepted

Commit Message

aginwala aginwala Sept. 16, 2019, 10:11 p.m. UTC
From: Aliasgar Ginwala <aginwala@ebay.com>

When using SSL mode for the OVN NB/SB active-standby/cluster DB service models,
northd can use SSL mode too.
E.g., one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and
--ovn-northd-ssl-cert to start northd with SSL.

Signed-off-by: Aliasgar Ginwala <aginwala@ebay.com>
---
 utilities/ovn-ctl | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

Comments

Han Zhou Sept. 17, 2019, 11:43 p.m. UTC | #1
On Mon, Sep 16, 2019 at 3:12 PM <amginwal@gmail.com> wrote:
>
> From: Aliasgar Ginwala <aginwala@ebay.com>
>
> When using ssl mode for ovn nb/sb active-standby/cluster db service
models,
> northd can use ssl mode too.
> e.g. one can pass  --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and
> --ovn-northd-ssl-cert to start northd with ssl
>
> Signed-off-by: Aliasgar Ginwala <aginwala@ebay.com>
> ---
>  utilities/ovn-ctl | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
>
> diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
> index 4242cd2c8..433ee4f50 100755
> --- a/utilities/ovn-ctl
> +++ b/utilities/ovn-ctl
> @@ -344,6 +344,15 @@ start_northd () {
>          if test X"$OVN_NORTHD_LOGFILE" != X; then
>              set "$@" --log-file=$OVN_NORTHD_LOGFILE
>          fi
> +        if test X"$OVN_NORTHD_SSL_KEY" != X; then
> +            set "$@" --private-key=$OVN_NORTHD_SSL_KEY
> +        fi
> +        if test X"$OVN_NORTHD_SSL_CERT" != X; then
> +            set "$@" --certificate=$OVN_NORTHD_SSL_CERT
> +        fi
> +        if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then
> +            set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT
> +        fi
>
>          [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
>
> @@ -513,6 +522,10 @@ set_defaults () {
>      OVN_CONTROLLER_SSL_CA_CERT=""
>      OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
>
> +    OVN_NORTHD_SSL_KEY=""
> +    OVN_NORTHD_SSL_CERT=""
> +    OVN_NORTHD_SSL_CA_CERT=""
> +
>      DB_SB_CREATE_INSECURE_REMOTE="no"
>      DB_NB_CREATE_INSECURE_REMOTE="no"
>
> @@ -617,6 +630,9 @@ Options:
>    --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file
>    --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file
>    --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file
> +  --ovn-northd-ssl-key=KEY OVN Northd SSL private key file
> +  --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file
> +  --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file
>    --ovn-manage-ovsdb=yes|no        Whether or not the OVN databases
should be
>                                     automatically started and stopped
along
>                                     with ovn-northd. The default is
"yes". If
> --
> 2.20.1 (Apple Git-117)
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Thanks Ali.
Acked-by: Han Zhou <hzhou8@ebay.com>
Mark Michelson Sept. 18, 2019, 12:33 p.m. UTC | #2
Thanks, I pushed this to master.

On 9/17/19 7:43 PM, Han Zhou wrote:
> On Mon, Sep 16, 2019 at 3:12 PM <amginwal@gmail.com> wrote:
>>
>> From: Aliasgar Ginwala <aginwala@ebay.com>
>>
>> When using ssl mode for ovn nb/sb active-standby/cluster db service
> models,
>> northd can use ssl mode too.
>> e.g. one can pass  --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and
>> --ovn-northd-ssl-cert to start northd with ssl
>>
>> Signed-off-by: Aliasgar Ginwala <aginwala@ebay.com>
>> ---
>>   utilities/ovn-ctl | 16 ++++++++++++++++
>>   1 file changed, 16 insertions(+)
>>
>> diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
>> index 4242cd2c8..433ee4f50 100755
>> --- a/utilities/ovn-ctl
>> +++ b/utilities/ovn-ctl
>> @@ -344,6 +344,15 @@ start_northd () {
>>           if test X"$OVN_NORTHD_LOGFILE" != X; then
>>               set "$@" --log-file=$OVN_NORTHD_LOGFILE
>>           fi
>> +        if test X"$OVN_NORTHD_SSL_KEY" != X; then
>> +            set "$@" --private-key=$OVN_NORTHD_SSL_KEY
>> +        fi
>> +        if test X"$OVN_NORTHD_SSL_CERT" != X; then
>> +            set "$@" --certificate=$OVN_NORTHD_SSL_CERT
>> +        fi
>> +        if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then
>> +            set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT
>> +        fi
>>
>>           [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
>>
>> @@ -513,6 +522,10 @@ set_defaults () {
>>       OVN_CONTROLLER_SSL_CA_CERT=""
>>       OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
>>
>> +    OVN_NORTHD_SSL_KEY=""
>> +    OVN_NORTHD_SSL_CERT=""
>> +    OVN_NORTHD_SSL_CA_CERT=""
>> +
>>       DB_SB_CREATE_INSECURE_REMOTE="no"
>>       DB_NB_CREATE_INSECURE_REMOTE="no"
>>
>> @@ -617,6 +630,9 @@ Options:
>>     --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file
>>     --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file
>>     --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file
>> +  --ovn-northd-ssl-key=KEY OVN Northd SSL private key file
>> +  --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file
>> +  --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file
>>     --ovn-manage-ovsdb=yes|no        Whether or not the OVN databases
> should be
>>                                      automatically started and stopped
> along
>>                                      with ovn-northd. The default is
> "yes". If
>> --
>> 2.20.1 (Apple Git-117)
>>
>> _______________________________________________
>> dev mailing list
>> dev@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> 
> Thanks Ali.
> Acked-by: Han Zhou <hzhou8@ebay.com>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>

Patch

diff --git a/utilities/ovn-ctl b/utilities/ovn-ctl
index 4242cd2c8..433ee4f50 100755
--- a/utilities/ovn-ctl
+++ b/utilities/ovn-ctl
@@ -344,6 +344,15 @@  start_northd () {
         if test X"$OVN_NORTHD_LOGFILE" != X; then
             set "$@" --log-file=$OVN_NORTHD_LOGFILE
         fi
+        if test X"$OVN_NORTHD_SSL_KEY" != X; then
+            set "$@" --private-key=$OVN_NORTHD_SSL_KEY
+        fi
+        if test X"$OVN_NORTHD_SSL_CERT" != X; then
+            set "$@" --certificate=$OVN_NORTHD_SSL_CERT
+        fi
+        if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then
+            set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT
+        fi
 
         [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
 
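Review bot: The three added `set "$@"` lines in start_northd expand `$OVN_NORTHD_SSL_KEY`, `$OVN_NORTHD_SSL_CERT` and `$OVN_NORTHD_SSL_CA_CERT` unquoted, so a key or certificate path containing whitespace or a glob character is split or expanded into separate ovn-northd arguments instead of reaching the intended option. Quote the values the way the `--user "$OVN_USER"` line below does, e.g. `set "$@" --private-key="$OVN_NORTHD_SSL_KEY"`, and likewise for `--certificate` and `--ca-cert`; the existing `--log-file` context line has the same pattern. Each option is also appended independently, so a partial set (for example a key and certificate without a CA certificate) is passed through without any warning; a guard that requires all three together and checks that the files are readable before appending them would presumably surface a broken TLS setup at start time rather than when northd connects to the databases. start_northd's body begins and ends outside the hunk.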
@@ -513,6 +522,10 @@  set_defaults () {
     OVN_CONTROLLER_SSL_CA_CERT=""
     OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
 
+    OVN_NORTHD_SSL_KEY=""
+    OVN_NORTHD_SSL_CERT=""
+    OVN_NORTHD_SSL_CA_CERT=""
+
     DB_SB_CREATE_INSECURE_REMOTE="no"
     DB_NB_CREATE_INSECURE_REMOTE="no"
 
@@ -617,6 +630,9 @@  Options:
   --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file
   --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file
   --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file
+  --ovn-northd-ssl-key=KEY OVN Northd SSL private key file
+  --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file
+  --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file
   --ovn-manage-ovsdb=yes|no        Whether or not the OVN databases should be
                                    automatically started and stopped along
                                    with ovn-northd. The default is "yes". If