[ovs-dev] [PATCH ovn v4 02/13] ovn-ic-nb: Interconnection northbound DB schema and CLI.
Han Zhou
hzhou at ovn.org
Wed Jan 29 19:55:57 UTC 2020
This patch introduces OVN_IC_Northbound DB schema and the CLI
ovn-ic-nbctl that manages the DB.
Signed-off-by: Han Zhou <hzhou at ovn.org>
---
.gitignore | 3 +
automake.mk | 35 ++
debian/ovn-common.install | 1 +
debian/ovn-common.manpages | 2 +
lib/.gitignore | 3 +
lib/automake.mk | 16 +-
lib/ovn-ic-nb-idl.ann | 9 +
lib/ovn-util.c | 13 +
lib/ovn-util.h | 1 +
ovn-ic-nb.ovsschema | 75 ++++
ovn-ic-nb.xml | 371 +++++++++++++++++
tests/automake.mk | 2 +
tests/ovn-ic-nbctl.at | 65 +++
tests/testsuite.at | 1 +
utilities/.gitignore | 2 +
utilities/automake.mk | 8 +
utilities/ovn-ic-nbctl.8.xml | 174 ++++++++
utilities/ovn-ic-nbctl.c | 950 +++++++++++++++++++++++++++++++++++++++++++
18 files changed, 1730 insertions(+), 1 deletion(-)
create mode 100644 lib/ovn-ic-nb-idl.ann
create mode 100644 ovn-ic-nb.ovsschema
create mode 100644 ovn-ic-nb.xml
create mode 100644 tests/ovn-ic-nbctl.at
create mode 100644 utilities/ovn-ic-nbctl.8.xml
create mode 100644 utilities/ovn-ic-nbctl.c
diff --git a/.gitignore b/.gitignore
index 6fee075..d4f8c10 100644
--- a/.gitignore
+++ b/.gitignore
@@ -67,6 +67,9 @@
/ovn-sb.5
/ovn-sb.gv
/ovn-sb.pic
+/ovn-ic-nb.5
+/ovn-ic-nb.gv
+/ovn-ic-nb.pic
/package.m4
/stamp-h1
/_build-gcc
diff --git a/automake.mk b/automake.mk
index 591e007..59063c2 100644
--- a/automake.mk
+++ b/automake.mk
@@ -62,6 +62,34 @@ ovn-sb.5: \
$(srcdir)/ovn-sb.xml > $@.tmp && \
mv $@.tmp $@
+# OVN interconnection northbound E-R diagram
+#
+# If "python" or "dot" is not available, then we do not add graphical diagram
+# to the documentation.
+if HAVE_DOT
+ovn-ic-nb.gv: ${OVSDIR}/ovsdb/ovsdb-dot.in $(srcdir)/ovn-ic-nb.ovsschema
+ $(AM_V_GEN)$(OVSDB_DOT) --no-arrows $(srcdir)/ovn-ic-nb.ovsschema > $@
+ovn-ic-nb.pic: ovn-ic-nb.gv ${OVSDIR}/ovsdb/dot2pic
+ $(AM_V_GEN)(dot -T plain < ovn-ic-nb.gv | $(PYTHON) ${OVSDIR}/ovsdb/dot2pic -f 3) > $@.tmp && \
+ mv $@.tmp $@
+OVN_IC_NB_PIC = ovn-ic-nb.pic
+OVN_IC_NB_DOT_DIAGRAM_ARG = --er-diagram=$(OVN_IC_NB_PIC)
+CLEANFILES += ovn-ic-nb.gv ovn-ic-nb.pic
+endif
+
+# OVN interconnection northbound schema documentation
+EXTRA_DIST += ovn-ic-nb.xml
+CLEANFILES += ovn-ic-nb.5
+man_MANS += ovn-ic-nb.5
+
+ovn-ic-nb.5: \
+ ${OVSDIR}/ovsdb/ovsdb-doc $(srcdir)/ovn-ic-nb.xml $(srcdir)/ovn-ic-nb.ovsschema $(OVN_IC_NB_PIC)
+ $(AM_V_GEN)$(OVSDB_DOC) \
+ $(OVN_IC_NB_DOT_DIAGRAM_ARG) \
+ --version=$(VERSION) \
+ $(srcdir)/ovn-ic-nb.ovsschema \
+ $(srcdir)/ovn-ic-nb.xml > $@.tmp && \
+ mv $@.tmp $@
# Version checking for ovn-nb.ovsschema.
ALL_LOCAL += ovn-nb.ovsschema.stamp
@@ -74,7 +102,14 @@ ALL_LOCAL += ovn-sb.ovsschema.stamp
ovn-sb.ovsschema.stamp: ovn-sb.ovsschema
$(srcdir)/build-aux/cksum-schema-check $? $@
+# Version checking for ovn-ic-nb.ovsschema.
+ALL_LOCAL += ovn-ic-nb.ovsschema.stamp
+ovn-ic-nb.ovsschema.stamp: ovn-ic-nb.ovsschema
+ $(srcdir)/build-aux/cksum-schema-check $? $@
+CLEANFILES += ovn-ic-nb.ovsschema.stamp
+
pkgdata_DATA += ovn-nb.ovsschema
pkgdata_DATA += ovn-sb.ovsschema
+pkgdata_DATA += ovn-ic-nb.ovsschema
CLEANFILES += ovn-sb.ovsschema.stamp
diff --git a/debian/ovn-common.install b/debian/ovn-common.install
index 90484d2..59b8018 100644
--- a/debian/ovn-common.install
+++ b/debian/ovn-common.install
@@ -1,5 +1,6 @@
usr/bin/ovn-nbctl
usr/bin/ovn-sbctl
+usr/bin/ovn-ic-nbctl
usr/bin/ovn-trace
usr/bin/ovn-detrace
usr/share/openvswitch/scripts/ovn-ctl
diff --git a/debian/ovn-common.manpages b/debian/ovn-common.manpages
index 249349e..e7d3e4d 100644
--- a/debian/ovn-common.manpages
+++ b/debian/ovn-common.manpages
@@ -1,8 +1,10 @@
ovn/ovn-architecture.7
ovn/ovn-nb.5
ovn/ovn-sb.5
+ovn/ovn-ic-nb.5
ovn/utilities/ovn-ctl.8
ovn/utilities/ovn-nbctl.8
ovn/utilities/ovn-sbctl.8
+ovn/utilities/ovn-ic-nbctl.8
ovn/utilities/ovn-trace.8
ovn/utilities/ovn-detrace.1
diff --git a/lib/.gitignore b/lib/.gitignore
index 3eed458..3af2923 100644
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -5,4 +5,7 @@
/ovn-sb-idl.c
/ovn-sb-idl.h
/ovn-sb-idl.ovsidl
+/ovn-ic-nb-idl.c
+/ovn-ic-nb-idl.h
+/ovn-ic-nb-idl.ovsidl
/ovn-dirs.c
diff --git a/lib/automake.mk b/lib/automake.mk
index 0c8245c..5f6561a 100644
--- a/lib/automake.mk
+++ b/lib/automake.mk
@@ -29,7 +29,9 @@ nodist_lib_libovn_la_SOURCES = \
lib/ovn-nb-idl.c \
lib/ovn-nb-idl.h \
lib/ovn-sb-idl.c \
- lib/ovn-sb-idl.h
+ lib/ovn-sb-idl.h \
+ lib/ovn-ic-nb-idl.c \
+ lib/ovn-ic-nb-idl.h
CLEANFILES += $(nodist_lib_libovn_la_SOURCES)
@@ -74,3 +76,15 @@ lib/ovn-nb-idl.ovsidl: $(OVN_NB_IDL_FILES)
$(AM_V_GEN)$(OVSDB_IDLC) annotate $(OVN_NB_IDL_FILES) > $@.tmp && \
mv $@.tmp $@
+# ovn-ic-nb IDL
+OVSIDL_BUILT += \
+ lib/ovn-ic-nb-idl.c \
+ lib/ovn-ic-nb-idl.h \
+ lib/ovn-ic-nb-idl.ovsidl
+EXTRA_DIST += lib/ovn-ic-nb-idl.ann
+OVN_IC_NB_IDL_FILES = \
+ $(srcdir)/ovn-ic-nb.ovsschema \
+ $(srcdir)/lib/ovn-ic-nb-idl.ann
+lib/ovn-ic-nb-idl.ovsidl: $(OVN_IC_NB_IDL_FILES)
+ $(AM_V_GEN)$(OVSDB_IDLC) annotate $(OVN_IC_NB_IDL_FILES) > $@.tmp && \
+ mv $@.tmp $@
diff --git a/lib/ovn-ic-nb-idl.ann b/lib/ovn-ic-nb-idl.ann
new file mode 100644
index 0000000..9dfbafa
--- /dev/null
+++ b/lib/ovn-ic-nb-idl.ann
@@ -0,0 +1,9 @@
+# -*- python -*-
+
+# This code, when invoked by "ovsdb-idlc annotate" (by the build
+# process), annotates ovn-ic-nb.ovsschema with additional data that give
+# the ovsdb-idl engine information about the types involved, so that
+# it can generate more programmer-friendly data structures.
+
+s["idlPrefix"] = "icnbrec_"
+s["idlHeader"] = "\"lib/ovn-ic-nb-idl.h\""
diff --git a/lib/ovn-util.c b/lib/ovn-util.c
index 6e0bba2..5b891ec 100644
--- a/lib/ovn-util.c
+++ b/lib/ovn-util.c
@@ -350,6 +350,19 @@ default_sb_db(void)
return def;
}
+const char *
+default_ic_nb_db(void)
+{
+ static char *def;
+ if (!def) {
+ def = getenv("OVN_IC_NB_DB");
+ if (!def) {
+ def = xasprintf("unix:%s/ovn_ic_nb_db.sock", ovn_rundir());
+ }
+ }
+ return def;
+}
+
char *
get_abs_unix_ctl_path(void)
{
diff --git a/lib/ovn-util.h b/lib/ovn-util.h
index 422d69e..cda245b 100644
--- a/lib/ovn-util.h
+++ b/lib/ovn-util.h
@@ -73,6 +73,7 @@ char *alloc_nat_zone_key(const struct uuid *key, const char *type);
const char *default_nb_db(void);
const char *default_sb_db(void);
+const char *default_ic_nb_db(void);
char *get_abs_unix_ctl_path(void);
struct ovsdb_idl_table_class;
diff --git a/ovn-ic-nb.ovsschema b/ovn-ic-nb.ovsschema
new file mode 100644
index 0000000..894db83
--- /dev/null
+++ b/ovn-ic-nb.ovsschema
@@ -0,0 +1,75 @@
+{
+ "name": "OVN_IC_Northbound",
+ "version": "1.0.0",
+ "cksum": "45589876 3383",
+ "tables": {
+ "IC_NB_Global": {
+ "columns": {
+ "external_ids": {
+ "type": {"key": "string", "value": "string",
+ "min": 0, "max": "unlimited"}},
+ "connections": {
+ "type": {"key": {"type": "uuid",
+ "refTable": "Connection"},
+ "min": 0,
+ "max": "unlimited"}},
+ "ssl": {
+ "type": {"key": {"type": "uuid",
+ "refTable": "SSL"},
+ "min": 0, "max": 1}},
+ "options": {
+ "type": {"key": "string", "value": "string",
+ "min": 0, "max": "unlimited"}}},
+ "maxRows": 1,
+ "isRoot": true},
+ "Transit_Switch": {
+ "columns": {
+ "name": {"type": "string"},
+ "other_config": {
+ "type": {"key": "string", "value": "string",
+ "min": 0, "max": "unlimited"}},
+ "external_ids": {
+ "type": {"key": "string", "value": "string",
+ "min": 0, "max": "unlimited"}}},
+ "isRoot": true,
+ "indexes": [["name"]]},
+ "Connection": {
+ "columns": {
+ "target": {"type": "string"},
+ "max_backoff": {"type": {"key": {"type": "integer",
+ "minInteger": 1000},
+ "min": 0,
+ "max": 1}},
+ "inactivity_probe": {"type": {"key": "integer",
+ "min": 0,
+ "max": 1}},
+ "other_config": {"type": {"key": "string",
+ "value": "string",
+ "min": 0,
+ "max": "unlimited"}},
+ "external_ids": {"type": {"key": "string",
+ "value": "string",
+ "min": 0,
+ "max": "unlimited"}},
+ "is_connected": {"type": "boolean", "ephemeral": true},
+ "status": {"type": {"key": "string",
+ "value": "string",
+ "min": 0,
+ "max": "unlimited"},
+ "ephemeral": true}},
+ "indexes": [["target"]]},
+ "SSL": {
+ "columns": {
+ "private_key": {"type": "string"},
+ "certificate": {"type": "string"},
+ "ca_cert": {"type": "string"},
+ "bootstrap_ca_cert": {"type": "boolean"},
+ "ssl_protocols": {"type": "string"},
+ "ssl_ciphers": {"type": "string"},
+ "external_ids": {"type": {"key": "string",
+ "value": "string",
+ "min": 0,
+ "max": "unlimited"}}},
+ "maxRows": 1}
+ }
+}
diff --git a/ovn-ic-nb.xml b/ovn-ic-nb.xml
new file mode 100644
index 0000000..a693611
--- /dev/null
+++ b/ovn-ic-nb.xml
@@ -0,0 +1,371 @@
+<?xml version="1.0" encoding="utf-8"?>
+<database name="ovn-ic-nb" title="OVN Interconnection Northbound Database">
+ <p>
+ This database is the interface for cloud management system (CMS), such as
+ OpenStack, to configure OVN interconnection settings. The CMS produces
+ almost all of the contents of the database. The <code>ovn-ic</code>
+ program monitors the database contents, transforms it, and stores it into
+ the <ref db="OVN_IC_Southbound"/> database.
+ </p>
+
+ <p>
+ We generally speak of ``the'' CMS, but one can imagine scenarios in
+ which multiple CMSes manage different parts of OVN interconnection.
+ </p>
+
+ <h2>External IDs</h2>
+
+ <p>
+ Each of the tables in this database contains a special column, named
+ <code>external_ids</code>. This column has the same form and purpose each
+ place it appears.
+ </p>
+
+ <dl>
+ <dt><code>external_ids</code>: map of string-string pairs</dt>
+ <dd>
+ Key-value pairs for use by the CMS. The CMS might use certain pairs, for
+ example, to identify entities in its own configuration that correspond to
+ those in this database.
+ </dd>
+ </dl>
+
+ <table name="IC_NB_Global" title="IC Northbound configuration">
+ <p>
+ Northbound configuration for OVN interconnection. This table must have exactly
+ one row.
+ </p>
+
+ <group title="Common Columns">
+ <column name="external_ids">
+ See <em>External IDs</em> at the beginning of this document.
+ </column>
+ </group>
+
+ <group title="Common options">
+ <column name="options">
+ This column provides general key/value settings. The supported
+ options are described individually below.
+ </column>
+ </group>
+
+ <group title="Connection Options">
+ <column name="connections">
+ Database clients to which the Open vSwitch database server should
+ connect or on which it should listen, along with options for how these
+ connections should be configured. See the <ref table="Connection"/>
+ table for more information.
+ </column>
+ <column name="ssl">
+ Global SSL configuration.
+ </column>
+ </group>
+ </table>
+
+ <table name="Transit_Switch" title="Transit logical switch">
+ <p>
+ Each row represents one transit logical switch for interconnection between
+ different OVN deployments (availability zones).
+ </p>
+
+ <group title="Naming">
+ <column name="name">
+ A name that uniquely identifies the transit logical switch.
+ </column>
+ </group>
+
+ <group title="Common Columns">
+ <column name="other_config"/>
+ <column name="external_ids">
+ See <em>External IDs</em> at the beginning of this document.
+ </column>
+ </group>
+ </table>
+
+ <table name="SSL">
+ SSL configuration for ovn-nb database access.
+
+ <column name="private_key">
+ Name of a PEM file containing the private key used as the switch's
+ identity for SSL connections to the controller.
+ </column>
+
+ <column name="certificate">
+ Name of a PEM file containing a certificate, signed by the
+ certificate authority (CA) used by the controller and manager,
+ that certifies the switch's private key, identifying a trustworthy
+ switch.
+ </column>
+
+ <column name="ca_cert">
+ Name of a PEM file containing the CA certificate used to verify
+ that the switch is connected to a trustworthy controller.
+ </column>
+
+ <column name="bootstrap_ca_cert">
+ If set to <code>true</code>, then Open vSwitch will attempt to
+ obtain the CA certificate from the controller on its first SSL
+ connection and save it to the named PEM file. If it is successful,
+ it will immediately drop the connection and reconnect, and from then
+ on all SSL connections must be authenticated by a certificate signed
+ by the CA certificate thus obtained. <em>This option exposes the
+ SSL connection to a man-in-the-middle attack obtaining the initial
+ CA certificate.</em> It may still be useful for bootstrapping.
+ </column>
+
+ <column name="ssl_protocols">
+ List of SSL protocols to be enabled for SSL connections. The default
+ when this option is omitted is <code>TLSv1,TLSv1.1,TLSv1.2</code>.
+ </column>
+
+ <column name="ssl_ciphers">
+ List of ciphers (in OpenSSL cipher string format) to be supported
+ for SSL connections. The default when this option is omitted is
+ <code>HIGH:!aNULL:!MD5</code>.
+ </column>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ </group>
+ </table>
+
+ <table name="Connection" title="OVSDB client connections.">
+ <p>
+ Configuration for a database connection to an Open vSwitch database
+ (OVSDB) client.
+ </p>
+
+ <p>
+ This table primarily configures the Open vSwitch database server
+ (<code>ovsdb-server</code>).
+ </p>
+
+ <p>
+ The Open vSwitch database server can initiate and maintain active
+ connections to remote clients. It can also listen for database
+ connections.
+ </p>
+
+ <group title="Core Features">
+ <column name="target">
+ <p>Connection methods for clients.</p>
+ <p>
+ The following connection methods are currently supported:
+ </p>
+ <dl>
+ <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
+ <dd>
+ <p>
+ The specified SSL <var>port</var> on the host at the given
+ <var>host</var>, which can either be a DNS name (if built with
+ unbound library) or an IP address. A valid SSL configuration must
+ be provided when this form is used, this configuration can be
+ specified via command-line options or the <ref table="SSL"/> table.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it defaults to 6640.
+ </p>
+ <p>
+ SSL support is an optional feature that is not always
+ built as part of Open vSwitch.
+ </p>
+ </dd>
+
+ <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
+ <dd>
+ <p>
+ The specified TCP <var>port</var> on the host at the given
+ <var>host</var>, which can either be a DNS name (if built with
+ unbound library) or an IP address. If <var>host</var> is an IPv6
+ address, wrap it in square brackets, e.g. <code>tcp:[::1]:6640</code>.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it defaults to 6640.
+ </p>
+ </dd>
+ <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
+ <dd>
+ <p>
+ Listens for SSL connections on the specified TCP <var>port</var>.
+ Specify 0 for <var>port</var> to have the kernel automatically
+ choose an available port. If <var>host</var>, which can either
+ be a DNS name (if built with unbound library) or an IP address,
+ is specified, then connections are restricted to the resolved or
+ specified local IPaddress (either IPv4 or IPv6 address). If
+ <var>host</var> is an IPv6 address, wrap in square brackets,
+ e.g. <code>pssl:6640:[::1]</code>. If <var>host</var> is not
+ specified then it listens only on IPv4 (but not IPv6) addresses.
+ A valid SSL configuration must be provided when this form is used,
+ this can be specified either via command-line options or the
+ <ref table="SSL"/> table.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it defaults to 6640.
+ </p>
+ <p>
+ SSL support is an optional feature that is not always built as
+ part of Open vSwitch.
+ </p>
+ </dd>
+ <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
+ <dd>
+ <p>
+ Listens for connections on the specified TCP <var>port</var>.
+ Specify 0 for <var>port</var> to have the kernel automatically
+ choose an available port. If <var>host</var>, which can either
+ be a DNS name (if built with unbound library) or an IP address,
+ is specified, then connections are restricted to the resolved or
+ specified local IP address (either IPv4 or IPv6 address). If
+ <var>host</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>ptcp:6640:[::1]</code>. If <var>host</var> is not
+ specified then it listens only on IPv4 addresses.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it defaults to 6640.
+ </p>
+ </dd>
+ </dl>
+ <p>When multiple clients are configured, the <ref column="target"/>
+ values must be unique. Duplicate <ref column="target"/> values yield
+ unspecified results.</p>
+ </column>
+ </group>
+
+ <group title="Client Failure Detection and Handling">
+ <column name="max_backoff">
+ Maximum number of milliseconds to wait between connection attempts.
+ Default is implementation-specific.
+ </column>
+
+ <column name="inactivity_probe">
+ Maximum number of milliseconds of idle time on connection to the client
+ before sending an inactivity probe message. If Open vSwitch does not
+ communicate with the client for the specified number of seconds, it
+ will send a probe. If a response is not received for the same
+ additional amount of time, Open vSwitch assumes the connection has been
+ broken and attempts to reconnect. Default is implementation-specific.
+ A value of 0 disables inactivity probes.
+ </column>
+ </group>
+
+ <group title="Status">
+ <p>
+ Key-value pair of <ref column="is_connected"/> is always updated.
+ Other key-value pairs in the status columns may be updated depends
+ on the <ref column="target"/> type.
+ </p>
+
+ <p>
+ When <ref column="target"/> specifies a connection method that
+ listens for inbound connections (e.g. <code>ptcp:</code> or
+ <code>punix:</code>), both <ref column="n_connections"/> and
+ <ref column="is_connected"/> may also be updated while the
+ remaining key-value pairs are omitted.
+ </p>
+
+ <p>
+ On the other hand, when <ref column="target"/> specifies an
+ outbound connection, all key-value pairs may be updated, except
+ the above-mentioned two key-value pairs associated with inbound
+ connection targets. They are omitted.
+ </p>
+
+ <column name="is_connected">
+ <code>true</code> if currently connected to this client,
+ <code>false</code> otherwise.
+ </column>
+
+ <column name="status" key="last_error">
+ A human-readable description of the last error on the connection
+ to the manager; i.e. <code>strerror(errno)</code>. This key
+ will exist only if an error has occurred.
+ </column>
+
+ <column name="status" key="state"
+ type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'>
+ <p>
+ The state of the connection to the manager:
+ </p>
+ <dl>
+ <dt><code>VOID</code></dt>
+ <dd>Connection is disabled.</dd>
+
+ <dt><code>BACKOFF</code></dt>
+ <dd>Attempting to reconnect at an increasing period.</dd>
+
+ <dt><code>CONNECTING</code></dt>
+ <dd>Attempting to connect.</dd>
+
+ <dt><code>ACTIVE</code></dt>
+ <dd>Connected, remote host responsive.</dd>
+
+ <dt><code>IDLE</code></dt>
+ <dd>Connection is idle. Waiting for response to keep-alive.</dd>
+ </dl>
+ <p>
+ These values may change in the future. They are provided only for
+ human consumption.
+ </p>
+ </column>
+
+ <column name="status" key="sec_since_connect"
+ type='{"type": "integer", "minInteger": 0}'>
+ The amount of time since this client last successfully connected
+ to the database (in seconds). Value is empty if client has never
+ successfully been connected.
+ </column>
+
+ <column name="status" key="sec_since_disconnect"
+ type='{"type": "integer", "minInteger": 0}'>
+ The amount of time since this client last disconnected from the
+ database (in seconds). Value is empty if client has never
+ disconnected.
+ </column>
+
+ <column name="status" key="locks_held">
+ Space-separated list of the names of OVSDB locks that the connection
+ holds. Omitted if the connection does not hold any locks.
+ </column>
+
+ <column name="status" key="locks_waiting">
+ Space-separated list of the names of OVSDB locks that the connection is
+ currently waiting to acquire. Omitted if the connection is not waiting
+ for any locks.
+ </column>
+
+ <column name="status" key="locks_lost">
+ Space-separated list of the names of OVSDB locks that the connection
+ has had stolen by another OVSDB client. Omitted if no locks have been
+ stolen from this connection.
+ </column>
+
+ <column name="status" key="n_connections"
+ type='{"type": "integer", "minInteger": 2}'>
+ When <ref column="target"/> specifies a connection method that
+ listens for inbound connections (e.g. <code>ptcp:</code> or
+ <code>pssl:</code>) and more than one connection is actually active,
+ the value is the number of active connections. Otherwise, this
+ key-value pair is omitted.
+ </column>
+
+ <column name="status" key="bound_port" type='{"type": "integer"}'>
+ When <ref column="target"/> is <code>ptcp:</code> or
+ <code>pssl:</code>, this is the TCP port on which the OVSDB server is
+ listening. (This is particularly useful when <ref
+ column="target"/> specifies a port of 0, allowing the kernel to
+ choose any available port.)
+ </column>
+ </group>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ <column name="other_config"/>
+ </group>
+ </table>
+</database>
diff --git a/tests/automake.mk b/tests/automake.mk
index ed6240c..8c1630c 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -24,6 +24,7 @@ TESTSUITE_AT = \
tests/ovn-northd.at \
tests/ovn-nbctl.at \
tests/ovn-sbctl.at \
+ tests/ovn-ic-nbctl.at \
tests/ovn-controller.at \
tests/ovn-controller-vtep.at \
tests/ovn-macros.at \
@@ -99,6 +100,7 @@ valgrind_wrappers = \
tests/valgrind/ovn-nbctl \
tests/valgrind/ovn-northd \
tests/valgrind/ovn-sbctl \
+ tests/valgrind/ovn-ic-nbctl \
tests/valgrind/ovs-appctl \
tests/valgrind/ovs-ofctl \
tests/valgrind/ovs-vsctl \
diff --git a/tests/ovn-ic-nbctl.at b/tests/ovn-ic-nbctl.at
new file mode 100644
index 0000000..2402d64
--- /dev/null
+++ b/tests/ovn-ic-nbctl.at
@@ -0,0 +1,65 @@
+AT_BANNER([ovn-ic-nbctl])
+
+# OVN_IC_NBCTL_TEST_START
+m4_define([OVN_IC_NBCTL_TEST_START],
+ [dnl Create database (ovn-ic-nb).
+ AT_KEYWORDS([ic_nbctl])
+ AT_CHECK([ovsdb-tool create ovn-ic-nb.db $abs_top_srcdir/ovn-ic-nb.ovsschema])
+
+ dnl Start ovsdb-servers.
+ AT_CHECK([ovsdb-server --detach --no-chdir --pidfile=ovn_ic_nb_db.pid --unixctl=$OVS_RUNDIR/ovn_ic_nb_db.ctl --log-file=ovsdb_ic_nb.log --remote=punix:$OVS_RUNDIR/ovn_ic_nb_db.sock ovn-ic-nb.db ], [0], [], [stderr])
+ on_exit "kill `cat ovn_ic_nb_db.pid`"
+ AT_CHECK([[sed < stderr '
+/vlog|INFO|opened log file/d
+/ovsdb_server|INFO|ovsdb-server (Open vSwitch)/d']])
+ AT_CAPTURE_FILE([ovsdb-server.log])
+])
+
+# OVN_IC_NBCTL_TEST_STOP
+m4_define([OVN_IC_NBCTL_TEST_STOP],
+ [AT_CHECK([check_logs "$1"])
+ OVS_APP_EXIT_AND_WAIT_BY_TARGET([$OVS_RUNDIR/ovn_ic_nb_db.ctl], [$OVS_RUNDIR/ovn_ic_nb_db.pid])])
+
+dnl ---------------------------------------------------------------------
+
+AT_SETUP([ovn-ic-nbctl])
+OVN_IC_NBCTL_TEST_START
+
+AT_CHECK([ovn-ic-nbctl ts-add ts0])
+AT_CHECK([ovn-ic-nbctl ts-list | uuidfilt], [0], [dnl
+<0> (ts0)
+])
+
+AT_CHECK([ovn-ic-nbctl ts-add ts1])
+AT_CHECK([ovn-ic-nbctl ts-list | uuidfilt], [0], [dnl
+<0> (ts0)
+<1> (ts1)
+])
+
+AT_CHECK([ovn-ic-nbctl show | sort], [0], [dnl
+Transit_Switch ts0
+Transit_Switch ts1
+])
+
+AT_CHECK([ovn-ic-nbctl ts-del ts1])
+AT_CHECK([ovn-ic-nbctl ts-list | uuidfilt], [0], [dnl
+<0> (ts0)
+])
+
+AT_CHECK([ovn-ic-nbctl ts-add ts0], [1], [],
+ [ovn-ic-nbctl: ts0: a transit switch with this name already exists
+])
+
+AT_CHECK([ovn-ic-nbctl --may-exist ts-add ts0])
+AT_CHECK([ovn-ic-nbctl ts-list | uuidfilt], [0], [dnl
+<0> (ts0)
+])
+
+AT_CHECK([ovn-ic-nbctl ts-del ts2], [1], [],
+ [ovn-ic-nbctl: ts2: switch name not found
+])
+
+AT_CHECK([ovn-ic-nbctl --if-exists ts-del ts2])
+
+OVN_IC_NBCTL_TEST_STOP
+AT_CLEANUP
diff --git a/tests/testsuite.at b/tests/testsuite.at
index da8157d..aa44a2e 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -26,6 +26,7 @@ m4_include([tests/ovn-performance.at])
m4_include([tests/ovn-northd.at])
m4_include([tests/ovn-nbctl.at])
m4_include([tests/ovn-sbctl.at])
+m4_include([tests/ovn-ic-nbctl.at])
m4_include([tests/ovn-controller.at])
m4_include([tests/ovn-controller-vtep.at])
m4_include([tests/checkpatch.at])
diff --git a/utilities/.gitignore b/utilities/.gitignore
index ab063fa..6c710fb 100644
--- a/utilities/.gitignore
+++ b/utilities/.gitignore
@@ -3,6 +3,8 @@
/ovn-nbctl.8
/ovn-sbctl
/ovn-sbctl.8
+/ovn-ic-nbctl
+/ovn-ic-nbctl.8
/ovn-appctl
/ovn-appctl.8
/ovn-trace
diff --git a/utilities/automake.mk b/utilities/automake.mk
index 4792799..ac2e034 100644
--- a/utilities/automake.mk
+++ b/utilities/automake.mk
@@ -7,6 +7,7 @@ man_MANS += \
utilities/ovn-ctl.8 \
utilities/ovn-nbctl.8 \
utilities/ovn-sbctl.8 \
+ utilities/ovn-ic-nbctl.8 \
utilities/ovn-trace.8 \
utilities/ovn-detrace.1 \
utilities/ovn-appctl.8
@@ -28,6 +29,7 @@ EXTRA_DIST += \
utilities/ovn-docker-overlay-driver.in \
utilities/ovn-docker-underlay-driver.in \
utilities/ovn-nbctl.8.xml \
+ utilities/ovn-ic-nbctl.8.xml \
utilities/ovn-appctl.8.xml \
utilities/ovn-trace.8.xml \
utilities/ovn-detrace.in \
@@ -51,6 +53,7 @@ CLEANFILES += \
utilities/ovn-docker-underlay-driver \
utilities/ovn-nbctl.8 \
utilities/ovn-sbctl.8 \
+ utilities/ovn-ic-nbctl.8 \
utilities/ovn-trace.8 \
utilities/ovn-detrace.1 \
utilities/ovn-detrace \
@@ -73,6 +76,11 @@ bin_PROGRAMS += utilities/ovn-sbctl
utilities_ovn_sbctl_SOURCES = utilities/ovn-sbctl.c
utilities_ovn_sbctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la
+# ovn-ic-nbctl
+bin_PROGRAMS += utilities/ovn-ic-nbctl
+utilities_ovn_ic_nbctl_SOURCES = utilities/ovn-ic-nbctl.c
+utilities_ovn_ic_nbctl_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la
+
# ovn-trace
bin_PROGRAMS += utilities/ovn-trace
utilities_ovn_trace_SOURCES = utilities/ovn-trace.c
diff --git a/utilities/ovn-ic-nbctl.8.xml b/utilities/ovn-ic-nbctl.8.xml
new file mode 100644
index 0000000..4a70994
--- /dev/null
+++ b/utilities/ovn-ic-nbctl.8.xml
@@ -0,0 +1,174 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manpage program="ovn-ic-nbctl" section="8" title="ovn-ic-nbctl">
+ <h1>Name</h1>
+ <p>ovn-ic-nbctl -- Open Virtual Network interconnection northbound db management utility</p>
+
+ <h1>Synopsis</h1>
+ <p><code>ovn-ic-nbctl</code> [<var>options</var>] <var>command</var> [<var>arg</var>...]</p>
+
+ <h1>Description</h1>
+ <p>This utility can be used to manage the OVN interconnection northbound database.</p>
+
+ <h1>General Commands</h1>
+
+ <dl>
+ <dt><code>init</code></dt>
+ <dd>
+ Initializes the database, if it is empty. If the database has already
+ been initialized, this command has no effect.
+ </dd>
+
+ <dt><code>show</code></dt>
+ <dd>
+ Prints a brief overview of the database contents.
+ </dd>
+ </dl>
+
+ <h1>Transit Switch Commands</h1>
+
+ <dl>
+ <dt>[<code>--may-exist</code>] <code>ts-add</code> <var>switch</var></dt>
+ <dd>
+ <p>
+ Creates a new transit switch named <var>switch</var>.
+ </p>
+
+ <p>
+ Transit switch names must be unique. Adding a duplicated name results
+ in error. With <code>--may-exist</code>, adding a duplicate name
+ succeeds but does not create a new transit switch.
+ </p>
+ </dd>
+
+ <dt>[<code>--if-exists</code>] <code>ts-del</code> <var>switch</var></dt>
+ <dd>
+ Deletes <var>switch</var>. It is an error if <var>switch</var> does
+ not exist, unless <code>--if-exists</code> is specified.
+ </dd>
+
+ <dt><code>ts-list</code></dt>
+ <dd>
+ Lists all existing switches on standard output, one per line.
+ </dd>
+ </dl>
+
+ <h1>Database Commands</h1>
+ <p>These commands query and modify the contents of <code>ovsdb</code> tables.
+ They are a slight abstraction of the <code>ovsdb</code> interface and
+ as such they operate at a lower level than other <code>ovn-ic-nbctl</code> commands.</p>
+ <p><var>Identifying Tables, Records, and Columns</var></p>
+ <p>Each of these commands has a <var>table</var> parameter to identify a table
+ within the database. Many of them also take a <var>record</var> parameter
+ that identifies a particular record within a table. The <var>record</var>
+ parameter may be the UUID for a record, which may be abbreviated to its
+ first 4 (or more) hex digits, as long as that is unique. Many tables offer
+ additional ways to identify records. Some commands also take
+ <var>column</var> parameters that identify a particular field within the
+ records in a table.</p>
+
+ <p>
+ For a list of tables and their columns, see <code>ovn-ic-nb</code>(5) or
+ see the table listing from the <code>--help</code> option.
+ </p>
+
+ <p>
+ Record names must be specified in full and with correct capitalization,
+ except that UUIDs may be abbreviated to their first 4 (or more) hex
+ digits, as long as that is unique within the table. Names of tables and
+ columns are not case-sensitive, and <code>-</code> and <code>_</code> are
+ treated interchangeably. Unique abbreviations of table and column names
+ are acceptable, e.g. <code>t</code> or <code>transit</code> is sufficient
+ to identify the <code>Transit_Switch</code> table.
+ </p>
+
+ <xi:include href="lib/db-ctl-base.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+
+ <h1>Remote Connectivity Commands</h1>
+ <dl>
+ <dt><code>get-connection</code></dt>
+ <dd>
+ Prints the configured connection(s).
+ </dd>
+
+ <dt><code>del-connection</code></dt>
+ <dd>
+ Deletes the configured connection(s).
+ </dd>
+
+ <dt>[<code>--inactivity-probe=</code><var>msecs</var>] <code>set-connection</code> <var>target</var>...</dt>
+ <dd>
+ Sets the configured manager target or targets. Use
+ <code>--inactivity-probe=</code><var>msecs</var> to override the default
+ idle connection inactivity probe time. Use 0 to disable inactivity probes.
+ </dd>
+ </dl>
+
+ <h1>SSL Configuration Commands</h1>
+ <dl>
+ <dt><code>get-ssl</code></dt>
+ <dd>
+ Prints the SSL configuration.
+ </dd>
+
+ <dt><code>del-ssl</code></dt>
+ <dd>
+ Deletes the current SSL configuration.
+ </dd>
+
+ <dt>[<code>--bootstrap</code>] <code>set-ssl</code>
+ <var>private-key</var> <var>certificate</var> <var>ca-cert</var>
+ [<var>ssl-protocol-list</var> [<var>ssl-cipher-list</var>]]</dt>
+ <dd>
+ Sets the SSL configuration.
+ </dd>
+ </dl>
+
+ <h1>Options</h1>
+
+ <dl>
+ <dt><code>--db</code> <var>database</var></dt>
+ <dd>
+ The OVSDB database remote to contact. If the <env>OVN_IC_NB_DB</env>
+ environment variable is set, its value is used as the default.
+ Otherwise, the default is <code>unix:@RUNDIR@/ovn_ic_nb_db.sock</code>, but this
+ default is unlikely to be useful outside of single-machine OVN test
+ environments.
+ </dd>
+
+ <dt><code>--leader-only</code></dt>
+ <dt><code>--no-leader-only</code></dt>
+ <dd>
+ By default, or with <code>--leader-only</code>, when the database server
+ is a clustered database, <code>ovn-ic-nbctl</code> will avoid servers other
+ than the cluster leader. This ensures that any data that
+ <code>ovn-ic-nbctl</code> reads and reports is up-to-date. With
+ <code>--no-leader-only</code>, <code>ovn-ic-nbctl</code> will use any server
+ in the cluster, which means that for read-only transactions it can report
+ and act on stale data (transactions that modify the database are always
+ serialized even with <code>--no-leader-only</code>). Refer to
+ <code>Understanding Cluster Consistency</code> in <code>ovsdb</code>(7)
+ for more information.
+ </dd>
+ </dl>
+
+ <h1>Logging options</h1>
+ <xi:include href="lib/vlog.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+
+ <h1>Table Formatting Options</h1>
+ These options control the format of output from the <code>list</code> and
+ <code>find</code> commands.
+ <xi:include href="lib/table.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+
+ <h2>PKI Options</h2>
+ <p>
+ PKI configuration is required to use SSL for the connection to the
+ database.
+ </p>
+ <xi:include href="lib/ssl.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+ <xi:include href="lib/ssl-bootstrap.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+
+ <h2>Other Options</h2>
+
+ <xi:include href="lib/common.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+
+</manpage>
diff --git a/utilities/ovn-ic-nbctl.c b/utilities/ovn-ic-nbctl.c
new file mode 100644
index 0000000..9f209a9
--- /dev/null
+++ b/utilities/ovn-ic-nbctl.c
@@ -0,0 +1,950 @@
+/*
+ * Copyright (c) 2020 eBay Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <config.h>
+
+#include <ctype.h>
+#include <getopt.h>
+#include <inttypes.h>
+#include <stdarg.h>
+#include <stdlib.h>
+
+#include "command-line.h"
+#include "compiler.h"
+#include "db-ctl-base.h"
+#include "dirs.h"
+#include "fatal-signal.h"
+#include "openvswitch/dynamic-string.h"
+#include "openvswitch/json.h"
+#include "openvswitch/shash.h"
+#include "openvswitch/vconn.h"
+#include "openvswitch/vlog.h"
+#include "lib/ovn-ic-nb-idl.h"
+#include "lib/ovn-util.h"
+#include "openvswitch/poll-loop.h"
+#include "process.h"
+#include "sset.h"
+#include "stream-ssl.h"
+#include "stream.h"
+#include "table.h"
+#include "timeval.h"
+#include "util.h"
+#include "svec.h"
+
+VLOG_DEFINE_THIS_MODULE(ic_nbctl);
+
+struct ic_nbctl_context;
+
+/* --db: The database server to contact. */
+static const char *db;
+
+/* --oneline: Write each command's output as a single line? */
+static bool oneline;
+
+/* --dry-run: Do not commit any changes. */
+static bool dry_run;
+
+/* --timeout: Time to wait for a connection to 'db'. */
+static unsigned int timeout;
+
+/* Format for table output. */
+static struct table_style table_style = TABLE_STYLE_DEFAULT;
+
+/* The IDL we're using and the current transaction, if any.
+ * This is for use by ic_nbctl_exit() only, to allow it to clean up.
+ * Other code should use its context arguments. */
+static struct ovsdb_idl *the_idl;
+static struct ovsdb_idl_txn *the_idl_txn;
+OVS_NO_RETURN static void ic_nbctl_exit(int status);
+
+/* --leader-only, --no-leader-only: Only accept the leader in a cluster. */
+static int leader_only = true;
+
+static void ic_nbctl_cmd_init(void);
+OVS_NO_RETURN static void usage(void);
+static void parse_options(int argc, char *argv[], struct shash *local_options);
+static void run_prerequisites(struct ctl_command[], size_t n_commands,
+ struct ovsdb_idl *);
+static bool do_ic_nbctl(const char *args, struct ctl_command *, size_t n,
+ struct ovsdb_idl *);
+
+int
+main(int argc, char *argv[])
+{
+ struct ovsdb_idl *idl;
+ struct ctl_command *commands;
+ struct shash local_options;
+ unsigned int seqno;
+ size_t n_commands;
+
+ set_program_name(argv[0]);
+ fatal_ignore_sigpipe();
+ vlog_set_levels(NULL, VLF_CONSOLE, VLL_WARN);
+ vlog_set_levels_from_string_assert("reconnect:warn");
+
+ ic_nbctl_cmd_init();
+
+ /* Parse command line. */
+ char *args = process_escape_args(argv);
+ shash_init(&local_options);
+ parse_options(argc, argv, &local_options);
+ char *error = ctl_parse_commands(argc - optind, argv + optind,
+ &local_options, &commands, &n_commands);
+ if (error) {
+ ctl_fatal("%s", error);
+ }
+ VLOG(ctl_might_write_to_db(commands, n_commands) ? VLL_INFO : VLL_DBG,
+ "Called as %s", args);
+
+ ctl_timeout_setup(timeout);
+
+ /* Initialize IDL. */
+ idl = the_idl = ovsdb_idl_create(db, &icnbrec_idl_class, true, false);
+ ovsdb_idl_set_leader_only(idl, leader_only);
+ run_prerequisites(commands, n_commands, idl);
+
+ /* Execute the commands.
+ *
+ * 'seqno' is the database sequence number for which we last tried to
+ * execute our transaction. There's no point in trying to commit more than
+ * once for any given sequence number, because if the transaction fails
+ * it's because the database changed and we need to obtain an up-to-date
+ * view of the database before we try the transaction again. */
+ seqno = ovsdb_idl_get_seqno(idl);
+ for (;;) {
+ ovsdb_idl_run(idl);
+ if (!ovsdb_idl_is_alive(idl)) {
+ int retval = ovsdb_idl_get_last_error(idl);
+ ctl_fatal("%s: database connection failed (%s)",
+ db, ovs_retval_to_string(retval));
+ }
+
+ if (seqno != ovsdb_idl_get_seqno(idl)) {
+ seqno = ovsdb_idl_get_seqno(idl);
+ if (do_ic_nbctl(args, commands, n_commands, idl)) {
+ free(args);
+ exit(EXIT_SUCCESS);
+ }
+ }
+
+ if (seqno == ovsdb_idl_get_seqno(idl)) {
+ ovsdb_idl_wait(idl);
+ poll_block();
+ }
+ }
+}
+
+static void
+parse_options(int argc, char *argv[], struct shash *local_options)
+{
+ enum {
+ OPT_DB = UCHAR_MAX + 1,
+ OPT_ONELINE,
+ OPT_NO_SYSLOG,
+ OPT_DRY_RUN,
+ OPT_LOCAL,
+ OPT_COMMANDS,
+ OPT_OPTIONS,
+ OPT_BOOTSTRAP_CA_CERT,
+ VLOG_OPTION_ENUMS,
+ TABLE_OPTION_ENUMS,
+ SSL_OPTION_ENUMS,
+ };
+ static const struct option global_long_options[] = {
+ {"db", required_argument, NULL, OPT_DB},
+ {"no-syslog", no_argument, NULL, OPT_NO_SYSLOG},
+ {"dry-run", no_argument, NULL, OPT_DRY_RUN},
+ {"oneline", no_argument, NULL, OPT_ONELINE},
+ {"timeout", required_argument, NULL, 't'},
+ {"help", no_argument, NULL, 'h'},
+ {"commands", no_argument, NULL, OPT_COMMANDS},
+ {"options", no_argument, NULL, OPT_OPTIONS},
+ {"leader-only", no_argument, &leader_only, true},
+ {"no-leader-only", no_argument, &leader_only, false},
+ {"version", no_argument, NULL, 'V'},
+ VLOG_LONG_OPTIONS,
+ STREAM_SSL_LONG_OPTIONS,
+ {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
+ TABLE_LONG_OPTIONS,
+ {NULL, 0, NULL, 0},
+ };
+ const int n_global_long_options = ARRAY_SIZE(global_long_options) - 1;
+ char *tmp, *short_options;
+
+ struct option *options;
+ size_t allocated_options;
+ size_t n_options;
+ size_t i;
+
+ tmp = ovs_cmdl_long_options_to_short_options(global_long_options);
+ short_options = xasprintf("+%s", tmp);
+ free(tmp);
+
+ /* We want to parse both global and command-specific options here, but
+ * getopt_long() isn't too convenient for the job. We copy our global
+ * options into a dynamic array, then append all of the command-specific
+ * options. */
+ options = xmemdup(global_long_options, sizeof global_long_options);
+ allocated_options = ARRAY_SIZE(global_long_options);
+ n_options = n_global_long_options;
+ ctl_add_cmd_options(&options, &n_options, &allocated_options, OPT_LOCAL);
+
+ for (;;) {
+ int idx;
+ int c;
+
+ c = getopt_long(argc, argv, short_options, options, &idx);
+ if (c == -1) {
+ break;
+ }
+
+ switch (c) {
+ case OPT_DB:
+ db = optarg;
+ break;
+
+ case OPT_ONELINE:
+ oneline = true;
+ break;
+
+ case OPT_NO_SYSLOG:
+ vlog_set_levels(&this_module, VLF_SYSLOG, VLL_WARN);
+ break;
+
+ case OPT_DRY_RUN:
+ dry_run = true;
+ break;
+
+ case OPT_LOCAL:
+ if (shash_find(local_options, options[idx].name)) {
+ ctl_fatal("'%s' option specified multiple times",
+ options[idx].name);
+ }
+ shash_add_nocopy(local_options,
+ xasprintf("--%s", options[idx].name),
+ nullable_xstrdup(optarg));
+ break;
+
+ case 'h':
+ usage();
+
+ case OPT_COMMANDS:
+ ctl_print_commands();
+ /* fall through */
+
+ case OPT_OPTIONS:
+ ctl_print_options(global_long_options);
+ /* fall through */
+
+ case 'V':
+ ovs_print_version(0, 0);
+ printf("DB Schema %s\n", icnbrec_get_db_version());
+ exit(EXIT_SUCCESS);
+
+ case 't':
+ if (!str_to_uint(optarg, 10, &timeout) || !timeout) {
+ ctl_fatal("value %s on -t or --timeout is invalid", optarg);
+ }
+ break;
+
+ VLOG_OPTION_HANDLERS
+ TABLE_OPTION_HANDLERS(&table_style)
+ STREAM_SSL_OPTION_HANDLERS
+
+ case OPT_BOOTSTRAP_CA_CERT:
+ stream_ssl_set_ca_cert_file(optarg, true);
+ break;
+
+ case '?':
+ exit(EXIT_FAILURE);
+
+ default:
+ ovs_abort(0, "Internal error when parsing option %d.", c);
+
+ case 0:
+ break;
+ }
+ }
+ free(short_options);
+
+ if (!db) {
+ db = default_ic_nb_db();
+ }
+
+ for (i = n_global_long_options; options[i].name; i++) {
+ free(CONST_CAST(char *, options[i].name));
+ }
+ free(options);
+}
+
+static void
+usage(void)
+{
+ printf("\
+%s: OVN interconnection northbound DB management utility\n\
+\n\
+usage: %s [OPTIONS] COMMAND [ARG...]\n\
+\n\
+General commands:\n\
+ init initialize the database\n\
+ show print overview of database contents\n\
+\n\
+Transit switch commands:\n\
+ ts-add SWITCH create a transit switch named SWITCH\n\
+ ts-del SWITCH delete SWITCH\n\
+ ts-list print all transit switches\n\
+\n\
+Connection commands:\n\
+ get-connection print the connections\n\
+ del-connection delete the connections\n\
+ [--inactivity-probe=MSECS]\n\
+ set-connection TARGET... set the list of connections to TARGET...\n\
+\n\
+SSL commands:\n\
+ get-ssl print the SSL configuration\n\
+ del-ssl delete the SSL configuration\n\
+ set-ssl PRIV-KEY CERT CA-CERT [SSL-PROTOS [SSL-CIPHERS]] \
+set the SSL configuration\n\
+\n\
+%s\
+%s\
+\n\
+Options:\n\
+ --db=DATABASE connect to DATABASE\n\
+ (default: %s)\n\
+ --no-leader-only accept any cluster member, not just the leader\n\
+ -t, --timeout=SECS wait at most SECS seconds\n\
+ --dry-run do not commit changes to database\n\
+ --oneline print exactly one line of output per command\n",
+ program_name, program_name, ctl_get_db_cmd_usage(),
+ ctl_list_db_tables_usage(), default_ic_nb_db());
+ table_usage();
+ vlog_usage();
+ printf("\
+ --no-syslog equivalent to --verbose=ic_nbctl:syslog:warn\n");
+ printf("\n\
+Other options:\n\
+ -h, --help display this help message\n\
+ -V, --version display version information\n");
+ stream_usage("database", true, true, true);
+ exit(EXIT_SUCCESS);
+}
+
+
+/* ovs-ic_nbctl specific context. Inherits the 'struct ctl_context' as base.
+ * Now empty, just keep the framework for future additions. */
+struct ic_nbctl_context {
+ struct ctl_context base;
+
+ /* A cache of the contents of the database.
+ *
+ * A command that needs to use any of this information must first call
+ * ic_nbctl_context_populate_cache(). A command that changes anything that
+ * could invalidate the cache must either call
+ * ic_nbctl_context_invalidate_cache() or manually update the cache to
+ * maintain its correctness. */
+ bool cache_valid;
+};
+
+static struct cmd_show_table cmd_show_tables[] = {
+ {&icnbrec_table_transit_switch,
+ &icnbrec_transit_switch_col_name,
+ {NULL},
+ {NULL, NULL, NULL}},
+
+ {NULL, NULL, {NULL, NULL, NULL}, {NULL, NULL, NULL}},
+};
+
+static void
+ic_nbctl_init(struct ctl_context *ctx OVS_UNUSED)
+{
+}
+
+static void
+ic_nbctl_ts_add(struct ctl_context *ctx)
+{
+ const char *ts_name = ctx->argv[1];
+ bool may_exist = shash_find(&ctx->options, "--may-exist") != NULL;
+
+ const struct icnbrec_transit_switch *ts;
+ ICNBREC_TRANSIT_SWITCH_FOR_EACH (ts, ctx->idl) {
+ if (!strcmp(ts->name, ts_name)) {
+ if (may_exist) {
+ return;
+ }
+ ctl_error(ctx, "%s: a transit switch with this name already "
+ "exists", ts_name);
+ return;
+ }
+ }
+
+ ts = icnbrec_transit_switch_insert(ctx->txn);
+ icnbrec_transit_switch_set_name(ts, ts_name);
+}
+
+static char *
+ts_by_name_or_uuid(struct ctl_context *ctx, const char *id, bool must_exist,
+ const struct icnbrec_transit_switch **ts_p)
+{
+ const struct icnbrec_transit_switch *ts = NULL;
+ *ts_p = NULL;
+
+ struct uuid ts_uuid;
+ bool is_uuid = uuid_from_string(&ts_uuid, id);
+ if (is_uuid) {
+ ts = icnbrec_transit_switch_get_for_uuid(ctx->idl, &ts_uuid);
+ }
+
+ if (!ts) {
+ const struct icnbrec_transit_switch *iter;
+
+ ICNBREC_TRANSIT_SWITCH_FOR_EACH (iter, ctx->idl) {
+ if (!strcmp(iter->name, id)) {
+ ts = iter;
+ break;
+ }
+ }
+ }
+
+ if (!ts && must_exist) {
+ return xasprintf("%s: switch %s not found",
+ id, is_uuid ? "UUID" : "name");
+ }
+
+ *ts_p = ts;
+ return NULL;
+}
+
+static void
+ic_nbctl_ts_del(struct ctl_context *ctx)
+{
+ bool must_exist = !shash_find(&ctx->options, "--if-exists");
+ const char *id = ctx->argv[1];
+ const struct icnbrec_transit_switch *ts = NULL;
+
+ char *error = ts_by_name_or_uuid(ctx, id, must_exist, &ts);
+ if (error) {
+ ctx->error = error;
+ return;
+ }
+ if (!ts) {
+ return;
+ }
+
+ icnbrec_transit_switch_delete(ts);
+}
+
+static void
+ic_nbctl_ts_list(struct ctl_context *ctx)
+{
+ const struct icnbrec_transit_switch *ts;
+ struct smap switches;
+
+ smap_init(&switches);
+ ICNBREC_TRANSIT_SWITCH_FOR_EACH (ts, ctx->idl) {
+ smap_add_format(&switches, ts->name, UUID_FMT " (%s)",
+ UUID_ARGS(&ts->header_.uuid), ts->name);
+ }
+ const struct smap_node **nodes = smap_sort(&switches);
+ for (size_t i = 0; i < smap_count(&switches); i++) {
+ const struct smap_node *node = nodes[i];
+ ds_put_format(&ctx->output, "%s\n", node->value);
+ }
+ smap_destroy(&switches);
+ free(nodes);
+}
+static void
+verify_connections(struct ctl_context *ctx)
+{
+ const struct icnbrec_ic_nb_global *ic_nb_global =
+ icnbrec_ic_nb_global_first(ctx->idl);
+ const struct icnbrec_connection *conn;
+
+ icnbrec_ic_nb_global_verify_connections(ic_nb_global);
+
+ ICNBREC_CONNECTION_FOR_EACH (conn, ctx->idl) {
+ icnbrec_connection_verify_target(conn);
+ }
+}
+
+static void
+pre_connection(struct ctl_context *ctx)
+{
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_ic_nb_global_col_connections);
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_connection_col_target);
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_connection_col_inactivity_probe);
+}
+
+static void
+cmd_get_connection(struct ctl_context *ctx)
+{
+ const struct icnbrec_connection *conn;
+ struct svec targets;
+ size_t i;
+
+ verify_connections(ctx);
+
+ /* Print the targets in sorted order for reproducibility. */
+ svec_init(&targets);
+
+ ICNBREC_CONNECTION_FOR_EACH (conn, ctx->idl) {
+ svec_add(&targets, conn->target);
+ }
+
+ svec_sort_unique(&targets);
+ for (i = 0; i < targets.n; i++) {
+ ds_put_format(&ctx->output, "%s\n", targets.names[i]);
+ }
+ svec_destroy(&targets);
+}
+
+static void
+delete_connections(struct ctl_context *ctx)
+{
+ const struct icnbrec_ic_nb_global *ic_nb_global =
+ icnbrec_ic_nb_global_first(ctx->idl);
+ const struct icnbrec_connection *conn, *next;
+
+ /* Delete Manager rows pointed to by 'connection_options' column. */
+ ICNBREC_CONNECTION_FOR_EACH_SAFE (conn, next, ctx->idl) {
+ icnbrec_connection_delete(conn);
+ }
+
+ /* Delete 'Manager' row refs in 'manager_options' column. */
+ icnbrec_ic_nb_global_set_connections(ic_nb_global, NULL, 0);
+}
+
+static void
+cmd_del_connection(struct ctl_context *ctx)
+{
+ verify_connections(ctx);
+ delete_connections(ctx);
+}
+
+static void
+insert_connections(struct ctl_context *ctx, char *targets[], size_t n)
+{
+ const struct icnbrec_ic_nb_global *ic_nb_global =
+ icnbrec_ic_nb_global_first(ctx->idl);
+ struct icnbrec_connection **connections;
+ size_t i, conns = 0;
+ const char *inactivity_probe = shash_find_data(&ctx->options,
+ "--inactivity-probe");
+
+ /* Insert each connection in a new row in Connection table. */
+ connections = xmalloc(n * sizeof *connections);
+ for (i = 0; i < n; i++) {
+ if (stream_verify_name(targets[i]) &&
+ pstream_verify_name(targets[i])) {
+ VLOG_WARN("target type \"%s\" is possibly erroneous", targets[i]);
+ }
+
+ connections[conns] = icnbrec_connection_insert(ctx->txn);
+ icnbrec_connection_set_target(connections[conns], targets[i]);
+ if (inactivity_probe) {
+ int64_t msecs = atoll(inactivity_probe);
+ icnbrec_connection_set_inactivity_probe(connections[conns],
+ &msecs, 1);
+ }
+ conns++;
+ }
+
+ /* Store uuids of new connection rows in 'connection' column. */
+ icnbrec_ic_nb_global_set_connections(ic_nb_global, connections, conns);
+ free(connections);
+}
+
+static void
+cmd_set_connection(struct ctl_context *ctx)
+{
+ const size_t n = ctx->argc - 1;
+
+ verify_connections(ctx);
+ delete_connections(ctx);
+ insert_connections(ctx, &ctx->argv[1], n);
+}
+
+static void
+pre_cmd_get_ssl(struct ctl_context *ctx)
+{
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_ic_nb_global_col_ssl);
+
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_ssl_col_private_key);
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_ssl_col_certificate);
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_ssl_col_ca_cert);
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_ssl_col_bootstrap_ca_cert);
+}
+
+static void
+cmd_get_ssl(struct ctl_context *ctx)
+{
+ const struct icnbrec_ic_nb_global *ic_nb_global =
+ icnbrec_ic_nb_global_first(ctx->idl);
+ const struct icnbrec_ssl *ssl = icnbrec_ssl_first(ctx->idl);
+
+ icnbrec_ic_nb_global_verify_ssl(ic_nb_global);
+ if (ssl) {
+ icnbrec_ssl_verify_private_key(ssl);
+ icnbrec_ssl_verify_certificate(ssl);
+ icnbrec_ssl_verify_ca_cert(ssl);
+ icnbrec_ssl_verify_bootstrap_ca_cert(ssl);
+
+ ds_put_format(&ctx->output, "Private key: %s\n", ssl->private_key);
+ ds_put_format(&ctx->output, "Certificate: %s\n", ssl->certificate);
+ ds_put_format(&ctx->output, "CA Certificate: %s\n", ssl->ca_cert);
+ ds_put_format(&ctx->output, "Bootstrap: %s\n",
+ ssl->bootstrap_ca_cert ? "true" : "false");
+ }
+}
+
+static void
+pre_cmd_del_ssl(struct ctl_context *ctx)
+{
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_ic_nb_global_col_ssl);
+}
+
+static void
+cmd_del_ssl(struct ctl_context *ctx)
+{
+ const struct icnbrec_ic_nb_global *ic_nb_global =
+ icnbrec_ic_nb_global_first(ctx->idl);
+ const struct icnbrec_ssl *ssl = icnbrec_ssl_first(ctx->idl);
+
+ if (ssl) {
+ icnbrec_ic_nb_global_verify_ssl(ic_nb_global);
+ icnbrec_ssl_delete(ssl);
+ icnbrec_ic_nb_global_set_ssl(ic_nb_global, NULL);
+ }
+}
+
+static void
+pre_cmd_set_ssl(struct ctl_context *ctx)
+{
+ ovsdb_idl_add_column(ctx->idl, &icnbrec_ic_nb_global_col_ssl);
+}
+
+static void
+cmd_set_ssl(struct ctl_context *ctx)
+{
+ bool bootstrap = shash_find(&ctx->options, "--bootstrap");
+ const struct icnbrec_ic_nb_global *ic_nb_global =
+ icnbrec_ic_nb_global_first(ctx->idl);
+ const struct icnbrec_ssl *ssl = icnbrec_ssl_first(ctx->idl);
+
+ icnbrec_ic_nb_global_verify_ssl(ic_nb_global);
+ if (ssl) {
+ icnbrec_ssl_delete(ssl);
+ }
+ ssl = icnbrec_ssl_insert(ctx->txn);
+
+ icnbrec_ssl_set_private_key(ssl, ctx->argv[1]);
+ icnbrec_ssl_set_certificate(ssl, ctx->argv[2]);
+ icnbrec_ssl_set_ca_cert(ssl, ctx->argv[3]);
+
+ icnbrec_ssl_set_bootstrap_ca_cert(ssl, bootstrap);
+
+ if (ctx->argc == 5) {
+ icnbrec_ssl_set_ssl_protocols(ssl, ctx->argv[4]);
+ } else if (ctx->argc == 6) {
+ icnbrec_ssl_set_ssl_protocols(ssl, ctx->argv[4]);
+ icnbrec_ssl_set_ssl_ciphers(ssl, ctx->argv[5]);
+ }
+
+ icnbrec_ic_nb_global_set_ssl(ic_nb_global, ssl);
+}
+
+
+static const struct ctl_table_class tables[ICNBREC_N_TABLES] = {
+ [ICNBREC_TABLE_TRANSIT_SWITCH].row_ids[0] =
+ {&icnbrec_transit_switch_col_name, NULL, NULL},
+};
+
+
+static void
+ic_nbctl_context_init_command(struct ic_nbctl_context *ic_nbctl_ctx,
+ struct ctl_command *command)
+{
+ ctl_context_init_command(&ic_nbctl_ctx->base, command);
+}
+
+static void
+ic_nbctl_context_init(struct ic_nbctl_context *ic_nbctl_ctx,
+ struct ctl_command *command, struct ovsdb_idl *idl,
+ struct ovsdb_idl_txn *txn,
+ struct ovsdb_symbol_table *symtab)
+{
+ ctl_context_init(&ic_nbctl_ctx->base, command, idl, txn, symtab,
+ NULL);
+ ic_nbctl_ctx->cache_valid = false;
+}
+
+static void
+ic_nbctl_context_done_command(struct ic_nbctl_context *ic_nbctl_ctx,
+ struct ctl_command *command)
+{
+ ctl_context_done_command(&ic_nbctl_ctx->base, command);
+}
+
+static void
+ic_nbctl_context_done(struct ic_nbctl_context *ic_nbctl_ctx,
+ struct ctl_command *command)
+{
+ ctl_context_done(&ic_nbctl_ctx->base, command);
+}
+
+static void
+run_prerequisites(struct ctl_command *commands, size_t n_commands,
+ struct ovsdb_idl *idl)
+{
+ ovsdb_idl_add_table(idl, &icnbrec_table_ic_nb_global);
+
+ for (struct ctl_command *c = commands; c < &commands[n_commands]; c++) {
+ if (c->syntax->prerequisites) {
+ struct ic_nbctl_context ic_nbctl_ctx;
+
+ ds_init(&c->output);
+ c->table = NULL;
+
+ ic_nbctl_context_init(&ic_nbctl_ctx, c, idl, NULL, NULL);
+ (c->syntax->prerequisites)(&ic_nbctl_ctx.base);
+ if (ic_nbctl_ctx.base.error) {
+ ctl_fatal("%s", ic_nbctl_ctx.base.error);
+ }
+ ic_nbctl_context_done(&ic_nbctl_ctx, c);
+
+ ovs_assert(!c->output.string);
+ ovs_assert(!c->table);
+ }
+ }
+}
+
+static bool
+do_ic_nbctl(const char *args, struct ctl_command *commands, size_t n_commands,
+ struct ovsdb_idl *idl)
+{
+ struct ovsdb_idl_txn *txn;
+ enum ovsdb_idl_txn_status status;
+ struct ovsdb_symbol_table *symtab;
+ struct ic_nbctl_context ic_nbctl_ctx;
+ struct ctl_command *c;
+ struct shash_node *node;
+
+ txn = the_idl_txn = ovsdb_idl_txn_create(idl);
+ if (dry_run) {
+ ovsdb_idl_txn_set_dry_run(txn);
+ }
+
+ ovsdb_idl_txn_add_comment(txn, "ovs-ic_nbctl: %s", args);
+
+ const struct icnbrec_ic_nb_global *inb = icnbrec_ic_nb_global_first(idl);
+ if (!inb) {
+ /* XXX add verification that table is empty */
+ icnbrec_ic_nb_global_insert(txn);
+ }
+
+ symtab = ovsdb_symbol_table_create();
+ for (c = commands; c < &commands[n_commands]; c++) {
+ ds_init(&c->output);
+ c->table = NULL;
+ }
+ ic_nbctl_context_init(&ic_nbctl_ctx, NULL, idl, txn, symtab);
+ for (c = commands; c < &commands[n_commands]; c++) {
+ ic_nbctl_context_init_command(&ic_nbctl_ctx, c);
+ if (c->syntax->run) {
+ (c->syntax->run)(&ic_nbctl_ctx.base);
+ }
+ if (ic_nbctl_ctx.base.error) {
+ ctl_fatal("%s", ic_nbctl_ctx.base.error);
+ }
+ ic_nbctl_context_done_command(&ic_nbctl_ctx, c);
+
+ if (ic_nbctl_ctx.base.try_again) {
+ ic_nbctl_context_done(&ic_nbctl_ctx, NULL);
+ goto try_again;
+ }
+ }
+ ic_nbctl_context_done(&ic_nbctl_ctx, NULL);
+
+ SHASH_FOR_EACH (node, &symtab->sh) {
+ struct ovsdb_symbol *symbol = node->data;
+ if (!symbol->created) {
+ ctl_fatal("row id \"%s\" is referenced but never created (e.g. "
+ "with \"-- --id=%s create ...\")",
+ node->name, node->name);
+ }
+ if (!symbol->strong_ref) {
+ if (!symbol->weak_ref) {
+ VLOG_WARN("row id \"%s\" was created but no reference to it "
+ "was inserted, so it will not actually appear in "
+ "the database", node->name);
+ } else {
+ VLOG_WARN("row id \"%s\" was created but only a weak "
+ "reference to it was inserted, so it will not "
+ "actually appear in the database", node->name);
+ }
+ }
+ }
+
+ status = ovsdb_idl_txn_commit_block(txn);
+ if (status == TXN_UNCHANGED || status == TXN_SUCCESS) {
+ for (c = commands; c < &commands[n_commands]; c++) {
+ if (c->syntax->postprocess) {
+ ic_nbctl_context_init(&ic_nbctl_ctx, c, idl, txn, symtab);
+ (c->syntax->postprocess)(&ic_nbctl_ctx.base);
+ if (ic_nbctl_ctx.base.error) {
+ ctl_fatal("%s", ic_nbctl_ctx.base.error);
+ }
+ ic_nbctl_context_done(&ic_nbctl_ctx, c);
+ }
+ }
+ }
+
+ switch (status) {
+ case TXN_UNCOMMITTED:
+ case TXN_INCOMPLETE:
+ OVS_NOT_REACHED();
+
+ case TXN_ABORTED:
+ /* Should not happen--we never call ovsdb_idl_txn_abort(). */
+ ctl_fatal("transaction aborted");
+
+ case TXN_UNCHANGED:
+ case TXN_SUCCESS:
+ break;
+
+ case TXN_TRY_AGAIN:
+ goto try_again;
+
+ case TXN_ERROR:
+ ctl_fatal("transaction error: %s", ovsdb_idl_txn_get_error(txn));
+
+ case TXN_NOT_LOCKED:
+ /* Should not happen--we never call ovsdb_idl_set_lock(). */
+ ctl_fatal("database not locked");
+
+ default:
+ OVS_NOT_REACHED();
+ }
+
+ ovsdb_symbol_table_destroy(symtab);
+
+ for (c = commands; c < &commands[n_commands]; c++) {
+ struct ds *ds = &c->output;
+
+ if (c->table) {
+ table_print(c->table, &table_style);
+ } else if (oneline) {
+ size_t j;
+
+ ds_chomp(ds, '\n');
+ for (j = 0; j < ds->length; j++) {
+ int ch = ds->string[j];
+ switch (ch) {
+ case '\n':
+ fputs("\\n", stdout);
+ break;
+
+ case '\\':
+ fputs("\\\\", stdout);
+ break;
+
+ default:
+ putchar(ch);
+ }
+ }
+ putchar('\n');
+ } else {
+ fputs(ds_cstr(ds), stdout);
+ }
+ ds_destroy(&c->output);
+ table_destroy(c->table);
+ free(c->table);
+
+ shash_destroy_free_data(&c->options);
+ }
+ free(commands);
+ ovsdb_idl_txn_destroy(txn);
+ ovsdb_idl_destroy(idl);
+
+ return true;
+
+try_again:
+ /* Our transaction needs to be rerun, or a prerequisite was not met. Free
+ * resources and return so that the caller can try again. */
+ ovsdb_idl_txn_abort(txn);
+ ovsdb_idl_txn_destroy(txn);
+ the_idl_txn = NULL;
+
+ ovsdb_symbol_table_destroy(symtab);
+ for (c = commands; c < &commands[n_commands]; c++) {
+ ds_destroy(&c->output);
+ table_destroy(c->table);
+ free(c->table);
+ }
+ return false;
+}
+
+/* Frees the current transaction and the underlying IDL and then calls
+ * exit(status).
+ *
+ * Freeing the transaction and the IDL is not strictly necessary, but it makes
+ * for a clean memory leak report from valgrind in the normal case. That makes
+ * it easier to notice real memory leaks. */
+static void
+ic_nbctl_exit(int status)
+{
+ if (the_idl_txn) {
+ ovsdb_idl_txn_abort(the_idl_txn);
+ ovsdb_idl_txn_destroy(the_idl_txn);
+ }
+ ovsdb_idl_destroy(the_idl);
+ exit(status);
+}
+
+static const struct ctl_command_syntax ic_nbctl_commands[] = {
+ { "init", 0, 0, "", NULL, ic_nbctl_init, NULL, "", RW },
+
+ /* transit switch commands. */
+ { "ts-add", 1, 1, "SWITCH", NULL, ic_nbctl_ts_add, NULL, "--may-exist", RW },
+ { "ts-del", 1, 1, "SWITCH", NULL, ic_nbctl_ts_del, NULL, "--if-exists", RW },
+ { "ts-list", 0, 0, "", NULL, ic_nbctl_ts_list, NULL, "", RO },
+
+ /* Connection commands. */
+ {"get-connection", 0, 0, "", pre_connection, cmd_get_connection, NULL, "",
+ RO},
+ {"del-connection", 0, 0, "", pre_connection, cmd_del_connection, NULL, "",
+ RW},
+ {"set-connection", 1, INT_MAX, "TARGET...", pre_connection,
+ cmd_set_connection, NULL, "--inactivity-probe=", RW},
+
+ /* SSL commands. */
+ {"get-ssl", 0, 0, "", pre_cmd_get_ssl, cmd_get_ssl, NULL, "", RO},
+ {"del-ssl", 0, 0, "", pre_cmd_del_ssl, cmd_del_ssl, NULL, "", RW},
+ {"set-ssl", 3, 5,
+ "PRIVATE-KEY CERTIFICATE CA-CERT [SSL-PROTOS [SSL-CIPHERS]]",
+ pre_cmd_set_ssl, cmd_set_ssl, NULL, "--bootstrap", RW},
+
+ {NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, RO},
+};
+
+/* Registers ic_nbctl and common db commands. */
+static void
+ic_nbctl_cmd_init(void)
+{
+ ctl_init(&icnbrec_idl_class, icnbrec_table_classes, tables,
+ cmd_show_tables, ic_nbctl_exit);
+ ctl_register_commands(ic_nbctl_commands);
+}
--
2.1.0
More information about the dev
mailing list