[ovs-git] [openvswitch/ovs] 2736ca: ovn-ctl: Allow passing ssl certs when starting OVN...

GitHub noreply at github.com
Thu Oct 11 21:48:03 UTC 2018


  Branch: refs/heads/branch-2.10
  Home:   https://github.com/openvswitch/ovs
  Commit: 2736cad7a00e0bca7a51da67c3da20a73ef78136
      https://github.com/openvswitch/ovs/commit/2736cad7a00e0bca7a51da67c3da20a73ef78136
  Author: aginwala <amginwal at gmail.com>
  Date:   2018-10-11 (Thu, 11 Oct 2018)

  Changed paths:
    M ovn/utilities/ovn-ctl
    M ovn/utilities/ovn-ctl.8.xml

  Log Message:
  -----------
  ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.

For OVN DBs to work with SSL in HA, we need to have the capability to pass ssl
certs when starting OVN DBs. Say when starting OVN DBs in active passive mode,
in order for the standby DBs to sync from the master node, it cannot sync
because the required ssl certs are not passed when standby DBs are initialized.
Hence, we need to have this option.

e.g. start nb db with ssl certs as below:
/usr/share/openvswitch/scripts/ovn-ctl --ovn-nb-db-ssl-key=/etc/openvswitch/ovnnb-privkey.pem \
--ovn-nb-db-ssl-cert=/etc/openvswitch/ovnnb-cert.pem \
--ovn-nb-db-ssl-ca-cert=/etc/openvswitch/cacert.pem \
--db-nb-create-insecure-remote=no start_nb_ovsdb

When certs are passed in the command line, it will read certs from the path
mentioned instead of default db configs.

Certs can be generated based on ovs ssl docs:
http://docs.openvswitch.org/en/latest/howto/ssl/

Signed-off-by: aginwala <aginwala at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Han Zhou <hzhou8 at ebay.com>


  Commit: 99faefaa0cd42ec28133da5da9eaebfbb08b7504
      https://github.com/openvswitch/ovs/commit/99faefaa0cd42ec28133da5da9eaebfbb08b7504
  Author: aginwala <amginwal at gmail.com>
  Date:   2018-10-11 (Thu, 11 Oct 2018)

  Changed paths:
    M ovn/utilities/ovndb-servers.ocf

  Log Message:
  -----------
  ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.

When starting OVN DBs in HA using pacemaker with ssl, we need to pass ssl
certs for starting standby DBs. Hence, we need this change.

Signed-off-by: aginwala <aginwala at ebay.com>
Acked-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Numan Siddique <nusiddiq at redhat.com>


Compare: https://github.com/openvswitch/ovs/compare/954b6da5f52f...99faefaa0cd4