From patchwork Thu Aug 9 18:02:00 2018
X-Patchwork-Submitter: Timothy Redaelli
X-Patchwork-Id: 955746
From: Timothy Redaelli
To: dev@openvswitch.org
Date: Thu, 9 Aug 2018 20:02:00 +0200
Message-Id: <4cac95aff9f6780434150eb9177e546b72ddb48d.1533833706.git.tredaelli@redhat.com>
Subject: [ovs-dev] [PATCH 1/3] tests: Use the default key length when generating RSA keys

This commit removes the explicit set of 1024-bit RSA keys when ovs-pki is launched and so the default (2048-bit) is used.

Signed-off-by: Timothy Redaelli
--- tests/ovs-vsctl.at | 4 ++-- tests/ovsdb-rbac.at | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at index f9e7f3bb1..6f37c0da7 100644 --- a/tests/ovs-vsctl.at +++ b/tests/ovs-vsctl.at
@@ -1374,7 +1374,7 @@ AT_KEYWORDS([ovs-vsctl ssl]) AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) PKIDIR=`pwd` OVS_PKI="sh $abs_top_srcdir/utilities/ovs-pki.in --dir=$PKIDIR/pki --log=$PKIDIR/ovs-pki.log" -AT_CHECK([$OVS_PKI -B 1024 init && $OVS_PKI -B 1024 req+sign vsctl switch && $OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver], [0], [ignore], [ignore]) +AT_CHECK([$OVS_PKI init && $OVS_PKI req+sign vsctl switch && $OVS_PKI req ovsdbserver && $OVS_PKI self-sign ovsdbserver], [0], [ignore], [ignore]) dnl Create database. OVSDB_INIT([conf.db]) @@ -1401,7 +1401,7 @@ AT_KEYWORDS([ovs-vsctl ssl]) AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) PKIDIR=`pwd` OVS_PKI="sh $abs_top_srcdir/utilities/ovs-pki.in --dir=$PKIDIR/pki --log=$PKIDIR/ovs-pki.log" -AT_CHECK([$OVS_PKI -B 1024 init && $OVS_PKI -B 1024 req+sign vsctl switch && $OVS_PKI -B 1024 req+sign ovsdbserver controller], [0], [ignore], [ignore]) +AT_CHECK([$OVS_PKI init && $OVS_PKI req+sign vsctl switch && $OVS_PKI req+sign ovsdbserver controller], [0], [ignore], [ignore]) dnl Create database. OVSDB_INIT([conf.db]) diff --git a/tests/ovsdb-rbac.at b/tests/ovsdb-rbac.at index adefee4df..7de3711fb 100644 --- a/tests/ovsdb-rbac.at +++ b/tests/ovsdb-rbac.at 
@@ -6,10 +6,10 @@ AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) RBAC_PKIDIR="$(pwd)" RBAC_PKI="sh $abs_top_srcdir/utilities/ovs-pki.in --dir=$RBAC_PKIDIR/pki --log=$RBAC_PKIDIR/rbac-pki.log" -$RBAC_PKI -B 1024 init -$RBAC_PKI -B 1024 req+sign ovsdb-server switch -$RBAC_PKI -B 1024 -u req+sign client-1 switch -$RBAC_PKI -B 1024 -u req+sign client-2 switch +$RBAC_PKI init +$RBAC_PKI req+sign ovsdb-server switch +$RBAC_PKI -u req+sign client-1 switch +$RBAC_PKI -u req+sign client-2 switch AT_DATA([schema], [[{"name": "mydb",

From patchwork Thu Aug 9 18:02:01 2018
X-Patchwork-Submitter: Timothy Redaelli
X-Patchwork-Id: 955747
From: Timothy Redaelli
To: dev@openvswitch.org
Date: Thu, 9 Aug 2018 20:02:01 +0200
Message-Id: <5f9ed68348b1ccf1f2e21fec42312d2238fccad2.1533833706.git.tredaelli@redhat.com>
Subject: [ovs-dev] [PATCH 2/3] ovn-architecture: Use the default key length in examples

This commit removes the explicit set of 1024-bit RSA keys on ovn-architecture examples and so the default (2048-bit) is used.

Signed-off-by: Timothy Redaelli
--- ovn/ovn-architecture.7.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml index ae5ca8e4a..6ed2cf132 100644 --- a/ovn/ovn-architecture.7.xml +++ b/ovn/ovn-architecture.7.xml @@ -1607,7 +1607,7 @@ Creating SSL certificates for each chassis with the certificate CN field set to the chassis name (e.g. for a chassis with external-ids:system-id=chassis-1, via the command - "ovs-pki -B 1024 -u req+sign chassis-1 switch"). + "ovs-pki -u req+sign chassis-1 switch").
  • Configuring each ovn-controller to use SSL when connecting to the

From patchwork Thu Aug 9 18:02:02 2018
X-Patchwork-Submitter: Timothy Redaelli
X-Patchwork-Id: 955748
From: Timothy Redaelli
To: dev@openvswitch.org
Date: Thu, 9 Aug 2018 20:02:02 +0200
Message-Id: <372a079c2f400ea47ef71f2bde31693762334255.1533833706.git.tredaelli@redhat.com>
Subject: [ovs-dev] [PATCH 3/3] ovs-sandbox: Generate the SSL keys using the default key length

This commit removes the explicit set of 1024-bit RSA keys when the RSA keys are generated on "make sandbox" and so the default (2048-bit) is used.

Signed-off-by: Timothy Redaelli
--- tutorial/ovs-sandbox | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox index 62ec537e8..7a5ab5f75 100755 --- a/tutorial/ovs-sandbox +++ b/tutorial/ovs-sandbox
@@ -390,11 +390,11 @@ if $ovn; then if [ "$HAVE_OPENSSL" = yes ]; then OVS_PKI="run ovs-pki --dir=$sandbox/pki --log=$sandbox/ovs-pki.log" - $OVS_PKI -B 1024 init - $OVS_PKI -B 1024 req+sign ovnsb switch - $OVS_PKI -B 1024 req+sign ovnnb switch + $OVS_PKI init + $OVS_PKI req+sign ovnsb switch + $OVS_PKI req+sign ovnnb switch for i in $(seq $n_controllers); do - $OVS_PKI -B 1024 -u req+sign chassis-$i switch + $OVS_PKI -u req+sign chassis-$i switch done fi fi
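
Review bot: The commit message for patch 1/3 gives no reason for dropping `-B 1024`, and in the first tests/ovs-vsctl.at hunk (@@ -1374) nothing pins or checks the resulting key size, so the "(2048-bit)" stated in the message is only true for as long as the default in utilities/ovs-pki.in stays there. Please say in the message why the tests should stop using 1024-bit keys, and describe the new size as "the ovs-pki default" rather than a fixed number, since the AT_CHECK line now inherits whatever that default is.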
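
Review bot: In the tests/ovsdb-rbac.at hunk (@@ -6) the four `$RBAC_PKI` calls are bare shell lines, so their exit status is not checked at this step, whereas tests/ovs-vsctl.at wraps the same kind of sequence in `AT_CHECK([...], [0], [ignore], [ignore])`. Since these lines are being touched anyway, consider wrapping `init` and the three `req+sign` calls in an AT_CHECK so that a key-generation or signing failure is reported where it happens instead of surfacing later as a connection error.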
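
Review bot: In the ovn/ovn-architecture.7.xml hunk (@@ -1607) the example command `ovs-pki -u req+sign chassis-1 switch` no longer tells the reader what key size they get. A short clause next to the example saying that the ovs-pki default key length is used, and that `-B` selects a different one, would keep the documentation self-explanatory without hard-coding a size again.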
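
Review bot: In the tutorial/ovs-sandbox hunk (@@ -390) the `for i in $(seq $n_controllers)` loop generates one key per chassis, and generating keys at the larger default size is slower than at 1024 bits, so sandbox startup time now grows more steeply with `$n_controllers`. Please mention in the commit message that this was measured (or is acceptable) for a larger controller count. The `$OVS_PKI` calls here are also unchecked, so a failed `init` or `req+sign` would let the sandbox continue without usable certificates; a status check after `$OVS_PKI init` would make that visible.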