[ovs-dev,2/2] utilities: add --in-db-ssl option to ovs-ctl

Message ID 20230607063333.1239159-2-odivlad@gmail.com
State Rejected
Series [ovs-dev,1/2] utilities: add "--detach" option to ovs-ctl

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/intel-ovs-compilation success test: success

Commit Message

Vladislav Odintsov June 7, 2023, 6:33 a.m. UTC
It is possible to parametrize ovs-ctl script to start ovsdb-server with
DB_SCHEME other than Open_vSwitch.  This scheme may not have currently
required table "SSL" with "key", "cert" and "cacert" columns.

This patch adds configuration knob "--in-db-ssl", which has default
behavior as it is now: run ovsdb server with ssl options.

User must pass "--in-db-ssl=no" to run ovsdb-server without these
arguments.

Signed-off-by: Vladislav Odintsov <odivlad@gmail.com>
---
 utilities/ovs-ctl.in | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

Comments

Simon Horman June 8, 2023, 2:26 p.m. UTC | #1
On Wed, Jun 07, 2023 at 09:33:33AM +0300, Vladislav Odintsov wrote:
> It is possible to parametrize ovs-ctl script to start ovsdb-server with
> DB_SCHEME other than Open_vSwitch.  This scheme may not have currently
> required table "SSL" with "key", "cert" and "cacert" columns.
> 
> This patch adds configuration knob "--in-db-ssl", which has default
> behavior as it is now: run ovsdb server with ssl options.
> 
> User must pass "--in-db-ssl=no" to run ovsdb-server without these
> arguments.
> 
> Signed-off-by: Vladislav Odintsov <odivlad@gmail.com>

Reviewed-by: Simon Horman <simon.horman@corigine.com>

Ilya Maximets June 13, 2023, 12:06 p.m. UTC | #2
On 6/7/23 08:33, Vladislav Odintsov wrote:
> It is possible to parametrize ovs-ctl script to start ovsdb-server with
> DB_SCHEME other than Open_vSwitch.  This scheme may not have currently
> required table "SSL" with "key", "cert" and "cacert" columns.

The db-schema option primarily exists to override the path
to the Open_vSwitch schema file, in case of an unconventional
installation.  It's not for using a completely different schema.

Many other parts of the script rely on using ovs-vsctl against
a running database.  Also, the OVS-ctl name means that this
script controls OVS, it's not intended for and shouldn't be used
for anything else.

Best regards, Ilya Maximets.

> 
> This patch adds configuration knob "--in-db-ssl", which has default
> behavior as it is now: run ovsdb server with ssl options.
> 
> User must pass "--in-db-ssl=no" to run ovsdb-server without these
> arguments.
> 
> Signed-off-by: Vladislav Odintsov <odivlad@gmail.com>
> ---
>  utilities/ovs-ctl.in | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
> index 72c8881e3..44a6496ef 100644
> --- a/utilities/ovs-ctl.in
> +++ b/utilities/ovs-ctl.in
> @@ -150,9 +150,11 @@ do_start_ovsdb () {
>          fi
>          set "$@" -vconsole:emer -vsyslog:err -vfile:info
>          set "$@" --remote=punix:"$DB_SOCK"
> -        set "$@" --private-key=db:Open_vSwitch,SSL,private_key
> -        set "$@" --certificate=db:Open_vSwitch,SSL,certificate
> -        set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
> +        if test X"$IN_DB_SSL" = Xyes; then
> +            set "$@" --private-key=db:Open_vSwitch,SSL,private_key
> +            set "$@" --certificate=db:Open_vSwitch,SSL,certificate
> +            set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
> +        fi
>          [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
>          [ "$OVSDB_SERVER_OPTIONS" != "" ] && set "$@" $OVSDB_SERVER_OPTIONS
>  
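
Review bot: the three db: references inside the new if block still hardcode Open_vSwitch,SSL, so the flag is all-or-nothing: with --in-db-ssl=no there is no in-script way to point ovsdb-server at key, certificate and CA columns in another schema. The only remaining route visible here is the OVSDB_SERVER_OPTIONS line in the context below, and the commit message should say that this is how SSL options are expected to be supplied when the knob is set to no.
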
> @@ -356,6 +358,7 @@ set_defaults () {
>      DB_SOCK=$rundir/db.sock
>      DB_SCHEMA=$datadir/vswitch.ovsschema
>      EXTRA_DBS=
> +    IN_DB_SSL=yes
>  
>      PROTOCOL=gre
>      DPORT=
> @@ -457,6 +460,8 @@ File location options:
>    --db-file=FILE     database file name (default: $DB_FILE)
>    --db-sock=SOCKET   JSON-RPC socket name (default: $DB_SOCK)
>    --db-schema=FILE   database schema file name (default: $DB_SCHEMA)
> +  --in-db-ssl=yes|no use ssl key, cert and cacert file paths from Open_vSwitch
> +                     database (default: $IN_DB_SSL)
>  
>  Options for "enable-protocol":
>    --protocol=PROTOCOL  protocol to enable with iptables (default: gre)
Patch

diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index 72c8881e3..44a6496ef 100644
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -150,9 +150,11 @@  do_start_ovsdb () {
         fi
         set "$@" -vconsole:emer -vsyslog:err -vfile:info
         set "$@" --remote=punix:"$DB_SOCK"
-        set "$@" --private-key=db:Open_vSwitch,SSL,private_key
-        set "$@" --certificate=db:Open_vSwitch,SSL,certificate
-        set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
+        if test X"$IN_DB_SSL" = Xyes; then
+            set "$@" --private-key=db:Open_vSwitch,SSL,private_key
+            set "$@" --certificate=db:Open_vSwitch,SSL,certificate
+            set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
+        fi
         [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
         [ "$OVSDB_SERVER_OPTIONS" != "" ] && set "$@" $OVSDB_SERVER_OPTIONS
 
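
Review bot: the guard `test X"$IN_DB_SSL" = Xyes` in do_start_ovsdb treats every value other than the exact string yes as "no", so a typo such as --in-db-ssl=Yes or an empty value starts ovsdb-server without --private-key, --certificate and --bootstrap-ca-cert and gives no indication that it did. Because the failure mode is silently dropping the TLS material, validate the value before this point, reject anything other than yes or no with an error, and log a line when the options are omitted.
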
@@ -356,6 +358,7 @@  set_defaults () {
     DB_SOCK=$rundir/db.sock
     DB_SCHEMA=$datadir/vswitch.ovsschema
     EXTRA_DBS=
+    IN_DB_SSL=yes
 
     PROTOCOL=gre
     DPORT=
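
Review bot: none of the hunks adds parsing for --in-db-ssl, so the IN_DB_SSL=yes default set here in set_defaults can only be overridden if the script's existing option handling already maps the option onto that variable; state that in the commit message so the reader does not have to check. The diffstat also lists only utilities/ovs-ctl.in, so the knob arrives without a documentation update or a test that exercises the =no path.
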
@@ -457,6 +460,8 @@  File location options:
   --db-file=FILE     database file name (default: $DB_FILE)
   --db-sock=SOCKET   JSON-RPC socket name (default: $DB_SOCK)
   --db-schema=FILE   database schema file name (default: $DB_SCHEMA)
+  --in-db-ssl=yes|no use ssl key, cert and cacert file paths from Open_vSwitch
+                     database (default: $IN_DB_SSL)
 
 Options for "enable-protocol":
   --protocol=PROTOCOL  protocol to enable with iptables (default: gre)
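
Review bot: the new help entry is placed under "File location options" although --in-db-ssl takes yes|no rather than a path, and its text does not say what =no does. Move it to a section for boolean options and spell out the consequence: ovsdb-server is started with no --private-key, --certificate or --bootstrap-ca-cert, so an SSL remote needs them supplied some other way, for example through OVSDB_SERVER_OPTIONS. The option is also wide enough that only a single space separates it from the description, which reads as one token next to the neighbouring entries.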