[ovs-dev] need info on ssl in manager table

Guru Shetty guru.ovn at gmail.com
Sat May 21 16:30:54 UTC 2016


You will have to create the vtep database. The file that I referred to is a startup script of a vtep debian package, and if you look at it, it does create one. You will have to do something similar.


> On May 20, 2016, at 9:22 PM, "D M, Vikas" <vikas.d-m at hpe.com> wrote:
> 
> Hi guru,
> 
> Thanks for the guidance.
> 
> My ovsdb server was enabled with SSL via below command.
> (ovsdb-server -C /home/sdn/certificates/switch/cacert.pem -p /home/sdn/certificates/switch/sc-privkey.pem -c /home/sdn/certificates/switch/sc-cert.pem /usr/local/etc/openvswitch/conf.db --remote=pssl:6632 --remote=db:hardware_vtep,Global,managers --pidfile --overwrite-pidfile --detach --no-chdir --verbose --log-file=/usr/local/var/log/openvswitch/ovsdb-server.log)
> 
> The only missing thing in my command is /etc/openvswitch/vtep.db.
> So I added the same.
> (ovsdb-server -C /home/sdn/certificates/switch/cacert.pem -p /home/sdn/certificates/switch/sc-privkey.pem -c /home/sdn/certificates/switch/sc-cert.pem /usr/local/etc/openvswitch/conf.db /usr/local/etc/openvswitch/vtep.db --remote=pssl:6632 --remote=db:hardware_vtep,Global,managers --pidfile --overwrite-pidfile --detach --no-chdir --verbose --log-file=/usr/local/var/log/openvswitch/ovsdb-server.log)
> 
> But there is no vtep.db file, only conf.db file exists in /usr/local/etc/openvswitch/ folder.
> So ovsdb-server fails to start with  IO Error (ovsdb-server: I/O error: open: /usr/local/etc/openvswitch/vtep.db failed (No such file or directory))
> 
> So searched the entire / dir to locate vtep.db file. But vtep.db doesn’t exist.
> 
> Thanks,
> Vikas
> 
> From: Guru Shetty [mailto:guru at ovn.org]
> Sent: Friday, May 20, 2016 10:02 PM
> To: D M, Vikas <vikas.d-m at hpe.com>
> Cc: dev at openvswitch.org; Kamat, Maruti Haridas <maruti.kamat at hpe.com>
> Subject: Re: [ovs-dev] need info on ssl in manager table
> 
> 
> 
> On 20 May 2016 at 09:07, D M, Vikas <vikas.d-m at hpe.com> wrote:
> Hi ,
> 
> We are using ovsdb hardware vtep schema in openstack l2gateway project [1]
> 
> ovsdb server initiates the connection to l2gateway agent with the entries in manager table in ovsdb hardware vtep schema[3].
> Already tcp connection for manager table is implemented in our code [2].
> 
> I am trying to use ovsdb manager table (hardware vtep schema) by setting ssl:IP:PORT. (ssl:IP:6632)
> 
> But while implementing ssl communication, our code is throwing an error saying unknown protocol while wrapping the socket (sslv23).
> (I have tried with different versions of SSL protocol, but some are not supported)
> 
> I am using working certificates, since the same certificates are used for initiating the ssl connection the other way and it works fine.
> (l2gateway agent to ovsdb server via ssl connection).
> 
> While starting ovsdb-server with ssl we are specifying the certs path.
> But for manager table, ovsdb-server has to pick the certs from some location while initiating the connection.
> So what is the default location?
> 
> You will have to provide the location. Like here:
> https://github.com/openvswitch/ovs/blob/master/debian/openvswitch-vtep.init#L43
> 
> 
> 
> Does the manager table work with SSL?
> Am I missing something?
> 
> Please guide me on this.
> 
> Note: my setup details
> Both nodes are with below config and date.
> Ubuntu 14.04
> Python 2.7.6
> OpenSSL 1.0.1f
> 
> 
> Thanks,
> Vikas
> 
> [1] https://github.com/openstack/networking-l2gw/blob/master/specs/kilo/l2-gateway-api-implementation.rst
> [2] https://review.openstack.org/#/c/208524/
> [3] https://bugs.launchpad.net/networking-l2gw/+bug/1466302
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
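
The step the reply above asks for, as an added example that is not code from this thread or from the OVS packaging: create vtep.db from the VTEP schema when it is missing, check the TLS files, then start ovsdb-server with both databases. The function names, the OVSDB_TOOL/OVSDB_SERVER override variables and the schema path argument are assumptions; the file names follow the command quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow Vikas's command line;
# the schema path passed in is an assumption that depends on the install prefix.
OVSDB_TOOL=${OVSDB_TOOL:-ovsdb-tool}
OVSDB_SERVER=${OVSDB_SERVER:-ovsdb-server}

# Create an OVSDB file from its schema only if it is missing, so a restart
# never overwrites Manager rows or other state already stored in it.
ensure_db() {
    db=$1; schema=$2
    [ -e "$db" ] && return 0
    [ -r "$schema" ] || { echo "schema not found: $schema" >&2; return 1; }
    "$OVSDB_TOOL" create "$db" "$schema"
}

# Fail early if TLS material is missing, or if the private key is accessible
# to group/other (characters 5-10 of the ls mode string must all be '-').
check_tls_files() {
    key=$1; cert=$2; ca=$3
    for f in "$key" "$cert" "$ca"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
    done
    mode=$(ls -Lld "$key" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "key too permissive: $key" >&2; return 1; }
}

# Start ovsdb-server with both databases. The same key/cert/CA options serve
# pssl: listeners and outbound ssl: targets taken from the managers column.
start_vtep_ovsdb() {
    dbdir=$1; certdir=$2; schema=$3
    ensure_db "$dbdir/vtep.db" "$schema" || return 1
    check_tls_files "$certdir/sc-privkey.pem" "$certdir/sc-cert.pem" \
        "$certdir/cacert.pem" || return 1
    "$OVSDB_SERVER" "$dbdir/conf.db" "$dbdir/vtep.db" \
        -p "$certdir/sc-privkey.pem" -c "$certdir/sc-cert.pem" \
        -C "$certdir/cacert.pem" \
        --remote=pssl:6632 --remote=db:hardware_vtep,Global,managers \
        --pidfile --detach --log-file
}

# Usage: sh this-script DBDIR CERTDIR SCHEMA
if [ "$#" -eq 3 ]; then start_vtep_ovsdb "$@"; fi
```
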


