[ovs-discuss] ovsdb-server --private-key=db:OVN_Northbound, SSL, private_key etc

Brendan Doyle brendan.doyle at oracle.com
Mon Jul 19 15:29:07 UTC 2021


Folks,

When I start OVN/OVS using ovn-ctl/ovs-ctl, the ovsdb-server processes
have SSL credentials of the form:

--private-key=db:Open_vSwitch,SSL,private_key 
--certificate=db:Open_vSwitch,SSL,certificate 
--bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert

--private-key=db:OVN_Northbound,SSL,private_key 
--certificate=db:OVN_Northbound,SSL,certificate 
--ca-cert=db:OVN_Northbound,SSL,ca_cert 
--ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols 
--ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers

--private-key=db:OVN_Southbound,SSL,private_key 
--certificate=db:OVN_Southbound,SSL,certificate 
--ca-cert=db:OVN_Southbound,SSL,ca_cert 
--ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols 
--ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers

From what I gather this means it gets these values from the database,
OVS, OVN North/South?

But does that mean that SSL is enabled by default and uses a default set
of credentials/ciphers?

Or does it mean that if these values (Open_vSwitch,SSL,certificate, e.g.) are
not set in the OVS or OVN North/Southbound database,
then the connections are not SSL?

And if the latter is the case, how are these set?

Thanks


Brendan


