[ovs-dev] [PATCH 3/3] ovn: Add bootstrap options for OVN controllers.

Gurucharan Shetty shettyg at nicira.com
Thu Aug 20 17:03:40 UTC 2015


This lets the central controller push
its certificate to the OVN controllers.

Signed-off-by: Gurucharan Shetty <gshetty at nicira.com>
---
 ovn/controller-vtep/ovn-controller-vtep.8.xml |    5 +++--
 ovn/controller-vtep/ovn-controller-vtep.c     |    6 ++++++
 ovn/controller/ovn-controller.8.xml           |    5 +++--
 ovn/controller/ovn-controller.c               |    6 ++++++
 4 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/ovn/controller-vtep/ovn-controller-vtep.8.xml b/ovn/controller-vtep/ovn-controller-vtep.8.xml
index c924f9f..7540b58 100644
--- a/ovn/controller-vtep/ovn-controller-vtep.8.xml
+++ b/ovn/controller-vtep/ovn-controller-vtep.8.xml
@@ -38,8 +38,9 @@
           name) in IPv4 or IPv6 address format.  If <var>ip</var> is an IPv6
           address, then wrap <var>ip</var> with square brackets, e.g.:
           <code>ssl:[::1]:6640</code>.  The <code>--private-key</code>,
-          <code>--certificate</code>, and <code>--ca-cert</code> options are
-          mandatory when this form is used.
+          <code>--certificate</code> and either of <code>--ca-cert</code>
+          or <code>--bootstrap-ca-cert</code> options are mandatory when this
+          form is used.
         </p>
       </li>
       <li>
diff --git a/ovn/controller-vtep/ovn-controller-vtep.c b/ovn/controller-vtep/ovn-controller-vtep.c
index 7e98f69..b54b29d 100644
--- a/ovn/controller-vtep/ovn-controller-vtep.c
+++ b/ovn/controller-vtep/ovn-controller-vtep.c
@@ -163,6 +163,7 @@ parse_options(int argc, char *argv[])
 {
     enum {
         OPT_PEER_CA_CERT = UCHAR_MAX + 1,
+        OPT_BOOTSTRAP_CA_CERT,
         VLOG_OPTION_ENUMS,
         DAEMON_OPTION_ENUMS
     };
@@ -176,6 +177,7 @@ parse_options(int argc, char *argv[])
         DAEMON_LONG_OPTIONS,
         STREAM_SSL_LONG_OPTIONS,
         {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
+        {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
         {NULL, 0, NULL, 0}
     };
     char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
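Review bot: The `{"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT}` entry makes the option parseable, but nothing in this patch makes it discoverable from `--help`. The diffstat's six added lines per .c file are all accounted for inside parse_options, so usage() is unchanged. usage() is outside the hunk; if it prints the SSL options through `stream_usage()`, the bootstrap argument of that call probably needs to become `true`, otherwise add a line for `--bootstrap-ca-cert=FILE` by hand. The same applies to the matching long_options hunk in ovn/controller/ovn-controller.c.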
@@ -212,6 +214,10 @@ parse_options(int argc, char *argv[])
             stream_ssl_set_peer_ca_cert_file(optarg);
             break;
 
+        case OPT_BOOTSTRAP_CA_CERT:
+            stream_ssl_set_ca_cert_file(optarg, true);
+            break;
+
         case '?':
             exit(EXIT_FAILURE);
 
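Review bot: The new `case OPT_BOOTSTRAP_CA_CERT:` passes `true` as the second argument of `stream_ssl_set_ca_cert_file()` with no comment saying what that flag changes. In OVS it selects bootstrap mode, where a missing CA file is filled from the CA certificate the peer presents on the first SSL connection, so that first connection is not checked against a pre-provisioned CA. I would add above the call `/* Bootstrap: if the file is absent, accept and save the CA cert the peer offers on the first connection (trust on first use). */`. The man-page sentence changed in this patch lists `--ca-cert` and `--bootstrap-ca-cert` as alternatives without stating that difference, and would benefit from one sentence on it. The same case is added in ovn/controller/ovn-controller.c, and parse_options continues outside the hunk in both files.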
diff --git a/ovn/controller/ovn-controller.8.xml b/ovn/controller/ovn-controller.8.xml
index e1cb6a2..19bb5b7 100644
--- a/ovn/controller/ovn-controller.8.xml
+++ b/ovn/controller/ovn-controller.8.xml
@@ -39,8 +39,9 @@
           name) in IPv4 or IPv6 address format.  If <var>ip</var> is an IPv6
           address, then wrap <var>ip</var> with square brackets, e.g.:
           <code>ssl:[::1]:6640</code>.  The <code>--private-key</code>,
-          <code>--certificate</code>, and <code>--ca-cert</code> options are
-          mandatory when this form is used.
+          <code>--certificate</code> and either of <code>--ca-cert</code>
+          or <code>--bootstrap-ca-cert</code> options are mandatory when this
+          form is used.
         </p>
       </li>
       <li>
diff --git a/ovn/controller/ovn-controller.c b/ovn/controller/ovn-controller.c
index 34d7660..bcaadcd 100644
--- a/ovn/controller/ovn-controller.c
+++ b/ovn/controller/ovn-controller.c
@@ -260,6 +260,7 @@ parse_options(int argc, char *argv[])
 {
     enum {
         OPT_PEER_CA_CERT = UCHAR_MAX + 1,
+        OPT_BOOTSTRAP_CA_CERT,
         VLOG_OPTION_ENUMS,
         DAEMON_OPTION_ENUMS
     };
@@ -271,6 +272,7 @@ parse_options(int argc, char *argv[])
         DAEMON_LONG_OPTIONS,
         STREAM_SSL_LONG_OPTIONS,
         {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
+        {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
         {NULL, 0, NULL, 0}
     };
     char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
@@ -299,6 +301,10 @@ parse_options(int argc, char *argv[])
             stream_ssl_set_peer_ca_cert_file(optarg);
             break;
 
+        case OPT_BOOTSTRAP_CA_CERT:
+            stream_ssl_set_ca_cert_file(optarg, true);
+            break;
+
         case '?':
             exit(EXIT_FAILURE);
 
-- 
1.7.9.5



