[ovs-discuss] ovsdb-server --private-key=db:OVN_Northbound, SSL, private_key etc

Brendan Doyle brendan.doyle at oracle.com
Mon Jul 19 17:06:07 UTC 2021


Not sure if this got sent out.

On 19/07/2021 16:29, Brendan Doyle wrote:
> Folks,
>
> When I start OVN/OVs using ovn-ctl /ovs-ctl the ovsdb-server processes 
> have SSL credentials of the form:
>
> --private-key=db:Open_vSwitch,SSL,private_key 
> --certificate=db:Open_vSwitch,SSL,certificate 
> --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
>
> --private-key=db:OVN_Northbound,SSL,private_key 
> --certificate=db:OVN_Northbound,SSL,certificate 
> --ca-cert=db:OVN_Northbound,SSL,ca_cert 
> --ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols 
> --ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers
>
> --private-key=db:OVN_Southbound,SSL,private_key 
> --certificate=db:OVN_Southbound,SSL,certificate 
> --ca-cert=db:OVN_Southbound,SSL,ca_cert 
> --ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols 
> --ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers
>
> From what I gather this means it gets these values from the database, 
> OVS, OVN North/South?
>
> But does that mean that SSL is enabled by default and use a default 
> set of credentials/cipers?
>
> Or does it mean If these values (Open_vSwitch,SSL,certificate e,g) are 
> not set in the OVS, or OVN North/South bound data base
> then the connections are not SSL.
>
> And if the later is the case how are these set?
>
> Thanks
>
>
> Brendan
>



More information about the discuss mailing list