[ovs-dev] [PATCH 2/3] ovsdb-server: Add the ability to push peer-cert.

Ben Pfaff blp at nicira.com
Fri Aug 21 21:43:15 UTC 2015

On Thu, Aug 20, 2015 at 10:03:39AM -0700, Gurucharan Shetty wrote:
> In OVN, ovsdb-server is the daemon that manages the databases
> and can be called as the central controller. So it would be
> nice for ovsdb-server to be able to push its self-signed
> certificate to all the other nodes where ovn-controller runs.
> Signed-off-by: Gurucharan Shetty <gshetty at nicira.com>

This is a good idea, especially the test.

The test passes a plain --log-file option and a --log-file option with a
full path.  The first one fails:

    2015-08-21T21:34:19Z|00001|vlog|WARN|failed to open
    /var/log/openvswitch/ovsdb-server.log for logging: No such file or

so I'd replace it by the one with the full path.

The log message from ovs-vsctl on the disconnection is confusing:

    ovs-vsctl: ssl: database connection failed ()

It looks like this improves it, at least to "(Protocol error)":

diff --git a/lib/jsonrpc.c b/lib/jsonrpc.c
index ae51b42..1e312a2 100644
--- a/lib/jsonrpc.c
+++ b/lib/jsonrpc.c
@@ -948,6 +948,7 @@ jsonrpc_session_run(struct jsonrpc_session *s)
             reconnect_connect_failed(s->reconnect, time_msec(), error);
             s->stream = NULL;
+            s->last_error = error;

The test runs over 10x faster on my system with 1024-bit keys:

diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at
index 6a2189a..caaa497 100644
--- a/tests/ovs-vsctl.at
+++ b/tests/ovs-vsctl.at
@@ -1315,9 +1315,9 @@ AT_KEYWORDS([ovs-vsctl ssl])
 AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
 OVS_PKI="sh $abs_top_srcdir/utilities/ovs-pki.in --dir=$PKIDIR/pki --log=$PKIDIR/ovs-pki.log"
-$OVS_PKI init && \
-$OVS_PKI req+sign vsctl switch && \
-$OVS_PKI req ovsdbserver && $OVS_PKI self-sign ovsdbserver
+$OVS_PKI -B 1024 init && \
+$OVS_PKI -B 1024 req+sign vsctl switch && \
+$OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver
 dnl Create database.
 touch .conf.db.~lock~

Acked-by: Ben Pfaff <blp at nicira.com>

More information about the dev mailing list