[ovs-dev] [PATCH 2/3] ovsdb-server: Add the ability to push peer-cert.
blp at nicira.com
Fri Aug 21 21:43:15 UTC 2015
On Thu, Aug 20, 2015 at 10:03:39AM -0700, Gurucharan Shetty wrote:
> In OVN, ovsdb-server is the daemon that manages the databases
> and can be called as the central controller. So it would be
> nice for ovsdb-server to be able to push its self-signed
> certificate to all the other nodes where ovn-controller runs.
> Signed-off-by: Gurucharan Shetty <gshetty at nicira.com>
This is a good idea, especially the test.
The test passes a plain --log-file option and a --log-file option with a
full path. The first one fails:
2015-08-21T21:34:19Z|00001|vlog|WARN|failed to open
/var/log/openvswitch/ovsdb-server.log for logging: No such file or
so I'd replace it by the one with the full path.
The log message from ovs-vsctl on the disconnection is confusing:
ovs-vsctl: ssl:127.0.0.1:34766: database connection failed ()
It looks like this improves it, at least to "(Protocol error)":
diff --git a/lib/jsonrpc.c b/lib/jsonrpc.c
index ae51b42..1e312a2 100644
@@ -948,6 +948,7 @@ jsonrpc_session_run(struct jsonrpc_session *s)
reconnect_connect_failed(s->reconnect, time_msec(), error);
s->stream = NULL;
+ s->last_error = error;
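Review bot: the added `s->last_error = error;` in jsonrpc_session_run() sits in the connect-failed path, and the condition that guards this branch is not visible in the context shown. Please confirm that the branch is only reached with a real failure code, so that a zero or transient value is never stored and later printed to the user. A one-line comment noting that last_error is what the client reports in its "database connection failed (...)" message would also explain why the assignment belongs at this spot.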
The test runs over 10x faster on my system with 1024-bit keys:
diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at
index 6a2189a..caaa497 100644
@@ -1315,9 +1315,9 @@ AT_KEYWORDS([ovs-vsctl ssl])
AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
OVS_PKI="sh $abs_top_srcdir/utilities/ovs-pki.in --dir=$PKIDIR/pki --log=$PKIDIR/ovs-pki.log"
-$OVS_PKI init && \
-$OVS_PKI req+sign vsctl switch && \
-$OVS_PKI req ovsdbserver && $OVS_PKI self-sign ovsdbserver
+$OVS_PKI -B 1024 init && \
+$OVS_PKI -B 1024 req+sign vsctl switch && \
+$OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver
dnl Create database.
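Review bot: the `-B 1024` added to the three `$OVS_PKI` invocations trades key strength for test speed, but nothing in the test file says so. Add a `dnl` comment above these lines stating that 1024-bit keys are used only to shorten the test run and are not a size to use for a deployed PKI, so the commands are not copied into real setup scripts. The trailing `$OVS_PKI self-sign ovsdbserver` is left without `-B`; if that is deliberate because self-sign generates no new key, say so in the commit message.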
Acked-by: Ben Pfaff <blp at nicira.com>