[ovs-dev,v2.11] ovn-ctl: Support passing ssl certs for northd
diff mbox series

Message ID 20190921001247.90876-1-amginwal@gmail.com
State New
Headers show
Series
  • [ovs-dev,v2.11] ovn-ctl: Support passing ssl certs for northd
Related show

Commit Message

aginwala aginwala Sept. 21, 2019, 12:12 a.m. UTC
From: Aliasgar Ginwala <aginwala@ebay.com>

When using ssl mode for ovn nb/sb active-standby/cluster db service models,
northd can use ssl mode too.
e.g. one can pass  --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and
--ovn-northd-ssl-cert to start northd with ssl

Signed-off-by: Aliasgar Ginwala <aginwala@ebay.com>
Acked-by: Han Zhou <hzhou8@ebay.com>
---
 ovn/utilities/ovn-ctl | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

Comments

0-day Robot Sept. 21, 2019, 12:56 a.m. UTC | #1
Bleep bloop.  Greetings aginwala aginwala, I am a robot and I have tried out your patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


git-am:
Failed to merge in the changes.
Patch failed at 0001 ovn-ctl: Support passing ssl certs for northd
The copy of the patch that failed is found in:
   /var/lib/jenkins/jobs/upstream_build_from_pw/workspace/.git/rebase-apply/patch
When you have resolved this problem, run "git am --resolved".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".


Please check this out.  If you feel there has been an error, please email aconole@redhat.com

Thanks,
0-day Robot
Ben Pfaff Sept. 23, 2019, 9:16 p.m. UTC | #2
On Fri, Sep 20, 2019 at 05:12:47PM -0700, amginwal@gmail.com wrote:
> From: Aliasgar Ginwala <aginwala@ebay.com>
> 
> When using ssl mode for ovn nb/sb active-standby/cluster db service models,
> northd can use ssl mode too.
> e.g. one can pass  --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and
> --ovn-northd-ssl-cert to start northd with ssl
> 
> Signed-off-by: Aliasgar Ginwala <aginwala@ebay.com>
> Acked-by: Han Zhou <hzhou8@ebay.com>

Thanks, applied.

Patch
diff mbox series

diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
index f1297a262..769c09752 100755
--- a/ovn/utilities/ovn-ctl
+++ b/ovn/utilities/ovn-ctl
@@ -314,6 +314,15 @@  start_northd () {
         if test X"$OVN_NORTHD_LOGFILE" != X; then
             set "$@" --log-file=$OVN_NORTHD_LOGFILE
         fi
+        if test X"$OVN_NORTHD_SSL_KEY" != X; then
+            set "$@" --private-key=$OVN_NORTHD_SSL_KEY
+        fi
+        if test X"$OVN_NORTHD_SSL_CERT" != X; then
+            set "$@" --certificate=$OVN_NORTHD_SSL_CERT
+        fi
+        if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then
+            set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT
+        fi
 
         [ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
 
@@ -475,6 +484,10 @@  set_defaults () {
     OVN_CONTROLLER_SSL_CA_CERT=""
     OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
 
+    OVN_NORTHD_SSL_KEY=""
+    OVN_NORTHD_SSL_CERT=""
+    OVN_NORTHD_SSL_CA_CERT=""
+
     DB_SB_CREATE_INSECURE_REMOTE="no"
     DB_NB_CREATE_INSECURE_REMOTE="no"
 
@@ -571,6 +584,9 @@  Options:
   --ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file
   --ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file
   --ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file
+  --ovn-northd-ssl-key=KEY OVN Northd SSL private key file
+  --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file
+  --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file
   --ovn-manage-ovsdb=yes|no        Whether or not the OVN databases should be
                                    automatically started and stopped along
                                    with ovn-northd. The default is "yes". If