[ovs-dev] ovn: Improving southbound database security
lrichard at redhat.com
Thu Oct 13 19:50:13 UTC 2016
> From: "Andy Zhou" <azhou at ovn.org>
> To: "Ben Pfaff" <blp at ovn.org>
> Cc: "ovs dev" <dev at openvswitch.org>, "Numan Siddique" <nusiddiq at redhat.com>, "Babu Shanmugam" <bschanmu at redhat.com>,
> "Lance Richardson" <lrichard at redhat.com>, "Justin Pettit" <jpettit at ovn.org>, "Russell Bryant" <russell at ovn.org>
> Sent: Thursday, October 13, 2016 3:05:40 PM
> Subject: Re: ovn: Improving southbound database security
> On Thu, Oct 13, 2016 at 11:26 AM, Ben Pfaff <blp at ovn.org> wrote:
> > On Wed, Oct 12, 2016 at 01:51:39PM -0400, Russell Bryant wrote:
> > > 1) Add support to ovsdb-server for read-only remotes. The port reachable
> > > by ovn-controller would only accept read-only connections.
> > Andy, is this something that you can put on your to-do list? I guess
> > that it is not a huge amount of work.
> > Thanks,
> > Ben.
> Sure, I think the read-only OVSDB server has already been implemented as
> part of the replication work.
> Currently, it is only tied to active/backup state. We probably just need to
> make this feature decouple from replication.
Right, the prototype RFC I just posted builds on the work done for replication,
ovsdb_jsonrpc_session_create(remote, jsonrpc_session_open(name, true),
+ svr->read_only ||
More information about the dev