[ovs-dev] [PATCH 3/3] debian: Install self-signed certificates.

Ansis Atteka aatteka at nicira.com
Sat Feb 18 00:45:17 UTC 2012


On Fri, Feb 17, 2012 at 3:41 PM, Gurucharan Shetty <gshetty at nicira.com> wrote:

> Install self-signed certificates in /etc/openvswitch using the
> ovs-pki utility.
>
> Bug #9063.
>
> Signed-off-by: Gurucharan Shetty <gshetty at nicira.com>
> ---
>  debian/openvswitch-switch.postinst |    7 +++++++
>  debian/openvswitch-switch.postrm   |    3 +++
>  2 files changed, 10 insertions(+), 0 deletions(-)
>
> diff --git a/debian/openvswitch-switch.postinst
> b/debian/openvswitch-switch.postinst
> index c50853a..e28951b 100755
> --- a/debian/openvswitch-switch.postinst
> +++ b/debian/openvswitch-switch.postinst
> @@ -33,6 +33,13 @@ case "$1" in
>                 fi
>             done
>        fi
> +
> +    #Install self-signed certificates.
> +    OVSPKI="/usr/bin/ovs-pki"
> +    if [ -x "${OVSPKI}" ]; then
> +        (cd /etc/openvswitch && ${OVSPKI} req ovsclient && \
> +            ${OVSPKI} self-sign ovsclient) > /dev/null 2>&1
> +    fi
>
This would break upgrades, because the certs are already present and ovs-pki
would return a non-zero return value.

Also, we should attempt to generate certs only if they are not already
present, otherwise the user would have to copy them to the Controller each
time after an upgrade.

        ;;
>
>     abort-upgrade|abort-remove|abort-deconfigure)
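
Review bot: The added `ovs-pki req` and `self-sign` calls run whenever this case branch is reached, with no test for an existing `/etc/openvswitch/ovsclient-privkey.pem` or `ovsclient-cert.pem`, and the subshell's exit status is neither checked nor deliberately ignored while `> /dev/null 2>&1` discards anything ovs-pki reports. Guard the block on the key and certificate files being absent so an existing identity survives upgrades, and let stderr through (or print a message on failure) so a failed key generation can be diagnosed. `${OVSPKI}` should also be quoted where it is invoked, as it already is in the `-x` test, and the comment would read better as `# Install self-signed certificates.`
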
> diff --git a/debian/openvswitch-switch.postrm
> b/debian/openvswitch-switch.postrm
> index baf37c8..ad79d64 100755
> --- a/debian/openvswitch-switch.postrm
> +++ b/debian/openvswitch-switch.postrm
> @@ -26,6 +26,9 @@ case "$1" in
>         rm -f /etc/default/openvswitch-switch
>         rm -f /var/log/openvswitch/ovs-vswitchd.log* || true
>         rm -f /var/log/openvswitch/ovsdb-server.log* || true
> +        rm -f /etc/openvswitch/ovsclient-privkey.pem
> +        rm -f /etc/openvswitch/ovsclient-req.pem
> +        rm -f /etc/openvswitch/ovsclient-cert.pem

        ;;
>
>     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
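
Review bot: The three added `rm -f` lines delete `ovsclient-privkey.pem`, `ovsclient-req.pem` and `ovsclient-cert.pem` by fixed name without knowing whether the postinst created them, so a key or certificate an administrator placed under the same names is removed as well. The case label for this branch is outside the hunk; please confirm it is reached only on purge and never on upgrade, otherwise the switch's identity changes and the certificate has to be distributed again. A short comment above these lines stating that they are the files generated by the postinst would make the pairing with the postinst change obvious.
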
> --
> 1.7.2.5
>