
[ovs-dev,3/5] ovn-northd-ddlog: Support ssl cert rotation.

Message ID 20210513224614.1878220-3-hzhou@ovn.org
State Superseded
Series [ovs-dev,1/5] ovn-controller: Support ssl cert rotation when command line options are used. | expand

Commit Message

Han Zhou May 13, 2021, 10:46 p.m. UTC
Update the SSL configuration in the main loop so that updated PKI files can be reapplied.

Signed-off-by: Han Zhou <hzhou@ovn.org>
---
 northd/ovn-northd-ddlog.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

Patch

diff --git a/northd/ovn-northd-ddlog.c b/northd/ovn-northd-ddlog.c
index b7d2c8a5e..46f734c11 100644
--- a/northd/ovn-northd-ddlog.c
+++ b/northd/ovn-northd-ddlog.c
@@ -74,6 +74,11 @@  static const char *ovnnb_db;
 static const char *ovnsb_db;
 static const char *unixctl_path;
 
+/* SSL options */
+static const char *ssl_private_key_file;
+static const char *ssl_certificate_file;
+static const char *ssl_ca_cert_file;
+
 /* Frequently used table ids. */
 static table_id WARNING_TABLE_ID;
 static table_id NB_CFG_TIMESTAMP_ID;
@@ -1094,7 +1099,18 @@  parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED)
         switch (c) {
         OVN_DAEMON_OPTION_HANDLERS;
         VLOG_OPTION_HANDLERS;
-        STREAM_SSL_OPTION_HANDLERS;
+
+        case 'p':
+            ssl_private_key_file = optarg;
+            break;
+
+        case 'c':
+            ssl_certificate_file = optarg;
+            break;
+
+        case 'C':
+            ssl_ca_cert_file = optarg;
+            break;
 
         case OPT_DDLOG_RECORD:
             record_file = optarg;
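Review bot: Replacing `STREAM_SSL_OPTION_HANDLERS` with only the `'p'`, `'c'` and `'C'` cases appears to drop the `OPT_SSL_PROTOCOLS` and `OPT_SSL_CIPHERS` handlers that the macro, as defined in the OVS stream library, also expands to. If the long-option table still registers `--ssl-protocols` and `--ssl-ciphers` (it is outside this hunk), an operator's TLS version or cipher restriction would no longer reach `stream_ssl_set_protocols()` / `stream_ssl_set_ciphers()`, so the daemon would either reject the option or run with the library defaults. Keep those two cases next to the new ones, as below. The switch continues outside the hunk, so confirm they are not already handled further down.

```c
        /* … unchanged: 'p' and 'c' cases … */
        case 'C':
            ssl_ca_cert_file = optarg;
            break;

        case OPT_SSL_PROTOCOLS:
            stream_ssl_set_protocols(optarg);
            break;

        case OPT_SSL_CIPHERS:
            stream_ssl_set_ciphers(optarg);
            break;
```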
@@ -1140,6 +1156,16 @@  parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED)
     free(short_options);
 }
 
+static void
+update_ssl_config(void)
+{
+    if (!ssl_private_key_file || !ssl_certificate_file || !ssl_ca_cert_file) {
+        return;
+    }
+    stream_ssl_set_key_and_cert(ssl_private_key_file, ssl_certificate_file);
+    stream_ssl_set_ca_cert_file(ssl_ca_cert_file, false);
+}
+
 int
 main(int argc, char *argv[])
 {
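Review bot: The guard in `update_ssl_config()` returns unless all three paths are set, so a command line that supplies only some of `-p`/`-c`/`-C` now configures nothing and says nothing. The removed macro applied each option on its own. A deployment that passed only a CA certificate, or only a key and certificate, would silently lose that configuration after this change. Applying the key/cert pair and the CA file independently keeps the old behaviour while still allowing reload, and a short comment on the function should say it is meant to be called repeatedly to pick up rotated files.

```c
static void
update_ssl_config(void)
{
    /* Called on every main-loop iteration so rotated PKI files are
     * re-applied; each piece is configured only if it was given. */
    if (ssl_private_key_file && ssl_certificate_file) {
        stream_ssl_set_key_and_cert(ssl_private_key_file,
                                    ssl_certificate_file);
    }
    if (ssl_ca_cert_file) {
        stream_ssl_set_ca_cert_file(ssl_ca_cert_file, false);
    }
}
```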
@@ -1219,6 +1245,7 @@  main(int argc, char *argv[])
     /* Main loop. */
     exiting = false;
     while (!exiting) {
+        update_ssl_config();
         memory_run();
         if (memory_should_report()) {
             struct simap usage = SIMAP_INITIALIZER(&usage);
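Review bot: The new `update_ssl_config();` call at the top of the loop has no comment explaining why SSL settings are re-applied on every wakeup. I would add `/* Re-apply SSL options so rotated key/cert/CA files take effect without a restart. */` above it. Whether the `stream_ssl_set_*` calls skip work when the files are unchanged is not visible here and is worth confirming, since this runs on every iteration. The loop body continues outside the hunk.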