[ovs-dev] [PATCH v2 1/3] ovn-sb: add SSL configuration to southbound db schema
Lance Richardson
lrichard at redhat.com
Wed Nov 9 13:59:42 UTC 2016
- Previous message: [ovs-dev] [PATCH v2 3/3] ovn-sb: add support for SSL configuration in database
- Next message: [ovs-dev] Good day My Dear. Greetings in the name of our Lord Jesus Christ . Amen. In brief introduction, my name is Mrs. Modese Dossongui, I am 59 years old, my late husband who was a nuclear power plant engineer, expatriates working with Fukushima nuclear power plant in Ivory Coast was killed during a typhoon disaster last year, while he was working at sea and it was for merci of God, unfortunately I was diagnose ovarian cancer, and doctors say I do not have much to spend days on earth. Fortunately for me, I had in my possession some vital documents covering the sum of USD$ 9.200.000.million deposit in a bank belonging to my late husband. Now I need your help to receive private funds in your country for investment projects as a foreign associate of my late husband because he left instructions with the bank that the fund may only be transferred to a foreign associate in case he is not available and also my asylum status does not allow me to control such huge amount of mo ney here. I must let you know that this was a very hard decision, But I had to take a bold step towards this issue because I have no further option. I hope you will help see my last wishes come true. please my dear, I am waiting for your response. Yours in Christ, Mrs. Modese Dossongui.
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Enhance OVN southbound database schema to allow SSL connection
configuration to be stored and managed within the db.
Signed-off-by: Lance Richardson <lrichard at redhat.com>
---
ovn/ovn-sb.ovsschema | 21 ++++++++++++++++++---
ovn/ovn-sb.xml | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 65 insertions(+), 4 deletions(-)
diff --git a/ovn/ovn-sb.ovsschema b/ovn/ovn-sb.ovsschema
index 89342fe..0212a5e 100644
--- a/ovn/ovn-sb.ovsschema
+++ b/ovn/ovn-sb.ovsschema
@@ -1,7 +1,7 @@
{
"name": "OVN_Southbound",
"version": "1.9.0",
- "cksum": "239060528 9012",
+ "cksum": "2240045372 9719",
"tables": {
"SB_Global": {
"columns": {
@@ -13,7 +13,11 @@
"type": {"key": {"type": "uuid",
"refTable": "Connection"},
"min": 0,
- "max": "unlimited"}}},
+ "max": "unlimited"}},
+ "ssl": {
+ "type": {"key": {"type": "uuid",
+ "refTable": "SSL"},
+ "min": 0, "max": 1}}},
"maxRows": 1,
"isRoot": true},
"Chassis": {
@@ -183,4 +187,15 @@
"min": 0,
"max": "unlimited"},
"ephemeral": true}},
- "indexes": [["target"]]}}}
+ "indexes": [["target"]]},
+ "SSL": {
+ "columns": {
+ "private_key": {"type": "string"},
+ "certificate": {"type": "string"},
+ "ca_cert": {"type": "string"},
+ "bootstrap_ca_cert": {"type": "boolean"},
+ "external_ids": {"type": {"key": "string",
+ "value": "string",
+ "min": 0,
+ "max": "unlimited"}}},
+ "maxRows": 1}}}
diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml
index 45c473c..1d17fef 100644
--- a/ovn/ovn-sb.xml
+++ b/ovn/ovn-sb.xml
@@ -169,6 +169,9 @@
connections should be configured. See the <ref table="Connection"/>
table for more information.
</column>
+ <column name="ssl">
+ Global SSL configuration.
+ </column>
</group>
</table>
@@ -2294,7 +2297,9 @@ tcp.flags = RST;
<p>
The specified SSL <var>port</var> on the host at the given
<var>ip</var>, which must be expressed as an IP address
- (not a DNS name).
+ (not a DNS name). A valid SSL configuration must be provided
+ when this form is used, this configuration can be specified
+ via command-line options or the <ref table="SSL"/> table.
</p>
<p>
If <var>port</var> is not specified, it defaults to 6640.
@@ -2330,6 +2335,9 @@ tcp.flags = RST;
address, wrap in square brackets,
e.g. <code>pssl:6640:[::1]</code>. If <var>ip</var> is not
specified then it listens only on IPv4 (but not IPv6) addresses.
+ A valid SSL configuration must be provided when this form is used,
+ this can be specified either via command-line options or the
+ <ref table="SSL"/> table.
</p>
<p>
If <var>port</var> is not specified, it defaults to 6640.
@@ -2502,4 +2510,42 @@ tcp.flags = RST;
<column name="other_config"/>
</group>
</table>
+ <table name="SSL">
+ SSL configuration for ovn-sb database access.
+
+ <column name="private_key">
+ Name of a PEM file containing the private key used as the switch's
+ identity for SSL connections to the controller.
+ </column>
+
+ <column name="certificate">
+ Name of a PEM file containing a certificate, signed by the
+ certificate authority (CA) used by the controller and manager,
+ that certifies the switch's private key, identifying a trustworthy
+ switch.
+ </column>
+
+ <column name="ca_cert">
+ Name of a PEM file containing the CA certificate used to verify
+ that the switch is connected to a trustworthy controller.
+ </column>
+
+ <column name="bootstrap_ca_cert">
+ If set to <code>true</code>, then Open vSwitch will attempt to
+ obtain the CA certificate from the controller on its first SSL
+ connection and save it to the named PEM file. If it is successful,
+ it will immediately drop the connection and reconnect, and from then
+ on all SSL connections must be authenticated by a certificate signed
+ by the CA certificate thus obtained. <em>This option exposes the
+ SSL connection to a man-in-the-middle attack obtaining the initial
+ CA certificate.</em> It may still be useful for bootstrapping.
+ </column>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ </group>
+ </table>
</database>
--
2.5.5
- Previous message: [ovs-dev] [PATCH v2 3/3] ovn-sb: add support for SSL configuration in database
- Next message: [ovs-dev] Good day My Dear. Greetings in the name of our Lord Jesus Christ . Amen. In brief introduction, my name is Mrs. Modese Dossongui, I am 59 years old, my late husband who was a nuclear power plant engineer, expatriates working with Fukushima nuclear power plant in Ivory Coast was killed during a typhoon disaster last year, while he was working at sea and it was for merci of God, unfortunately I was diagnose ovarian cancer, and doctors say I do not have much to spend days on earth. Fortunately for me, I had in my possession some vital documents covering the sum of USD$ 9.200.000.million deposit in a bank belonging to my late husband. Now I need your help to receive private funds in your country for investment projects as a foreign associate of my late husband because he left instructions with the bank that the fund may only be transferred to a foreign associate in case he is not available and also my asylum status does not allow me to control such huge amount of mo ney here. I must let you know that this was a very hard decision, But I had to take a bold step towards this issue because I have no further option. I hope you will help see my last wishes come true. please my dear, I am waiting for your response. Yours in Christ, Mrs. Modese Dossongui.
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dev
mailing list